BusinessObjects Enterprise XI Release 2 COM SDK

Authentication plugins

Four authentication types are supported by BusinessObjects Enterprise: secEnterprise, secLDAP, secWindowsNT, and secWindowsAD. Each type has a corresponding plugin that acts as an authentication provider, verifying user credentials against the appropriate user database.

The authentication plugins are implemented by the following DLLs:

The secEnterprise plugin allows you to specify password settings and other security options for users who log on to the Enterprise system with a native Enterprise account. The secLDAP, secWindowsNT, and secWindowsAD plugins allow you to map a group from an external system to BusinessObjects Enterprise, enabling users who belong to that group to log on to the Enterprise system with a third-party alias.

The secLDAP, secWindowsNT, and secWindowsAD plugins also allow you to enable single sign-on (SSO) authentication. For more information on SSO authentication, see the BusinessObjects Enterprise Administrator's Guide, and the BusinessObjects Enterprise Single Sign-On Admin Library.

Note:    When you map a third-party group to the system, you can do one of two things: you can use the UserGroupAliases collection's Add Method (AddNew Method) to add a new third-party user group alias to an existing Enterprise group, and then update the appropriate authentication plugin so that the members of the third-party group are added to the system. When using AddNew(), the AliasName needs to be valid. In the second scenario, you can use the AddExisting Method to reassign an existing third-party user group alias. This situation requires that the AliasID and the AliasName are valid and in the proper format. Furthermore, it is important to recognize that you cannot use a third-party authentication plugin to create a new group.

If a third party user is added to a third party group after it has been mapped, this user will be able to log on to BusinessObjects Enterprise and the required account information will be created or added at the time of the logon. However, if a third party user exists in BusinessObjects Enterprise and he or she is removed from their mapped third party group, the user in question will no longer be able to log on to BusinessObjects Enterprise. If this occurs the users account information will remain in BusinessObjects Enterprise until the next time the authentication plugin is updated.

The authentication plugins dynamically maintain third-party user and group listings, which means that when changes are made to the third-party group membership, the listing in BusinessObjects Enterprise does not need to be updated. For instance, if you map a Windows Active Directory group to BusinessObjects Enterprise, and then you add a new Active Directory user to the Active Directory group, the third-party plugin dynamically creates an alias for that new user when he or she first logs on to BusinessObjects Enterprise with valid Active Directory credentials.

For information on querying for plugins in the CMS InfoStore, see Retrieving an authentication plugin.

Business Objects
Support services
Product Documentation on the Web