Default language.

AREA plug-ins

AR System External Authentication (AREA) provides a way to validate users by connecting  to a data source outside the  database. To enable this, you can use the AREA LDAP plug-in or create a custom plug-in for authentication services such as Kerberos. See Creating-C-plug-ins for details.

When users first log in to  through a client or when a client issues an API call to , the  verifies the user name and password. If the user name and password are in the User form, the server authenticates the information and processes the login or API call.

If the user information is not in the User form or if the user password is blank in the User form, the  sends an authentication request to the plug-in server. The request passes from the plug-in server through the AREA plug-in instance to the external authentication source. The external authentication source sends authentication information back through the same path to the . (For the  to use an AREA plug-in to authorize logins, the corresponding entries in the User form must have blank passwords.)

If the authentication source verifies that the user information is valid, the  processes the API call or allows the user to log in. When the authentication information is not verified (that is, the information is incorrect, incomplete, or cannot be found in the external data source), the  returns an error message to the client.

The plug-in can load only one AREA plug-in instance at a time. An AREA plug-in can be configured to access one or more data sources.

AREA plug-ins can selectively override field values entered in the User form. (The plug-in behavior depends on how you configure the plug-in, such as whether you enable the Cross Reference Blank Password and the Authenticate Unregistered users options.)

External authentication architecture

ex-autharch.gif

AREA plug-in Java methods

The methods defined in the AREAPluggable interface and the AREAPlugin abstract class are common to all plug-in types. For more information, see the Java plug-in API online documentation located at ARSystemServerInstallDir\ARserver\api\javaplugins\arpluginsdocVerNum.jar.

AREA plug-in C API functions

Following are the AREA plug-in API functions:

  • AREAFreeCallback
  • AREANeedToSyncCallback
  • AREAVerifyLoginCallback

For more information, see AR-System-C-API-functions.

Installing sample AREA implementations

When you install , you can install a sample Java AREA LDAP implementation, including an AREA LDAP plug-in. That plug-in provides you with an integration point between  and LDAP directory services. 

You must create a custom plug-in to integrate  with external authentication services such as Kerberos. See Creating-Java-plug-ins for details. 

Example flow of requests and data for an AREA plug-in 

dataflowAREAlogin.gif

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*