AREA plug-ins

AR System External Authentication (AREA plug-in) provides a way to validate users by connecting AR System to a data source outside the AR System database. To enable this, you can use the AREA LDAP plug-in or create a custom plug-in for authentication services such as Kerberos. For more information, see Creating-C-plug-ins.

When users first log in to AR System through a client or when a client issues an API call to AR System, the AR System serververifies the user name and password. If the username and password are in the User form, the server authenticates the information and processes the login or API call.

Related topics

ARDBC-plug-ins

Creating-C-plug-ins

Creating-Java-plug-ins

If the user information is not in the User form or if the user password is blank in the User form, the AR System sends an authentication request to the plug-in server. The request passes from the plug-in server through the AREA plug-in instance to the external authentication source. The external authentication source sends authentication information back through the same path to the AR System. For the AR System to use an AREA plug-in to authorize logins, the corresponding entries in the User form must have blank passwords.

If the authentication source verifies that the user information is valid, the AR System processes the API call or allows the user to log in. When the authentication information is not verified, that is, the information is incorrect, incomplete, or cannot be found in the external data source, the AR System returns an error message to the client.

The plug-in can load only one AREA plug-in instance at a time. An AREA plug-in can be configured to access one or more data sources.

AREA plug-ins can selectively override field values entered in the User form. The plug-in behavior depends on how you configure the plug-in, such as whether you enable the Cross Reference Blank Password and the Authenticate Unregistered users options.

The following image shows the external authentication architecture:

22.1_External_authentication_architecture.png

AREA plug-in Java methods

The methods defined in the AREAPluggable interface and the AREAPlugin abstract classes are common to all plug-in types. For more information, see the Java plug-in API online documentation located at ARSystemServerInstallDir\ARserver\api\javaplugins\arpluginsdocVerNum.jar.

AREA plug-in C API functions

The following AREA plug-in API functions are available:

  • AREAFreeCallback
  • AREANeedToSyncCallback
  • AREAVerifyLoginCallback

For more information, see AR-System-C-API-functions.

Installing sample AREA implementations

When you install AR System, you can install a sample Java AREA LDAP implementation, including an AREA LDAP plug-in. This plug-in provides you with an integration point between AR System and LDAP directory services. 

You must create a custom plug-in to integrate AR System with external authentication services such as Kerberos. For more information, see Creating-Java-plug-ins.

The following image shows an example of the flow of requests and data for an AREA plug-in:

22.1_Example_flow_of_requests_and_data_for_an_AREA_plug-in .png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*