Condition d'organisation
Utilisez les utilisateurs existants définis dans le serveur LDAP d'organisation. De plus, le portail d'organisation permet de se connecter et d'accéder à CA Business Service Insight à l'aide des fonctionnalités de connexion silencieuse de CA Business Service Insight pour les portails Single Sign On (SSO).
Définissez un script de conversion Visual Basic (VB) pour la création automatique des utilisateurs dans le système CA Business Service Insight (synchronisation LDAP), le script de conversion permet de se connecter au serveur LDAP d'organisation et d'en extraire la liste d'utilisateurs. Les méthodes de package d'outils CA Business Service Insight sont utilisées pour la création des utilisateurs, groupes et rôles.
Exemple de code VB de connexion au serveur LDAP
Option Explicit On
Imports System.DirectoryServices
Public Function GetLDAPUsers(ByVal ldapServerName As String, ByVal pFindWhat As String) As ArrayList
Dim oSearcher As New DirectorySearcher
Dim oResults As SearchResultCollection
Dim oResult As SearchResult
Dim RetArray As New ArrayList
Dim mCount As Integer
Dim mIdx As Integer
Dim mLDAPRecord As String
Dim ResultFields() As String = {"securityEquals", "cn"}
Try
With oSearcher
.SearchRoot = New DirectoryEntry("LDAP://" & ldapServerName & _
"/dc=lippogeneral,dc=com")
.PropertiesToLoad.AddRange(ResultFields)
.Filter = "cn=" & pFindWhat & "*"
oResults = .FindAll()
End With
mCount = oResults.Count
If mCount > 0 Then
For Each oResult In oResults
mLDAPRecord = oResult.GetDirectoryEntry().Properties("cn").Value & " " & oResult.GetDirectoryEntry().Properties("mail").Value
RetArray.Add(mLDAPRecord)
Next
End If
Catch e As Exception
MsgBox("Error is " & e.Message)
Return RetArray
End Try
Return RetArray
End Function
Sub CheckAddUser
Dim map
Set map = Tools.GetUserDetails("acme@Test")
'Vérifiez que l'utilisateur existe
'Mappage Tools.AddUserByMap
'Vérifiez les éléments dupliqués
map("UserName") = "acme2"
map("UserPassword") = "acme2"
map("UserPasswordExpirationInterval") = "50"
map("UserDescription") = "New description"
map("UserStatus") = "INACTIVE"
Tools.AddUserByMap map
Tools.Commit
End sub
Méthodes de script de conversion VB de CA Business Service Insight
AddOrganization/IsOrganizationExists
IsRoleExists/SearchRoles
AddUserByMap/GetUserName
GetOrganizationName/IsUserExists
GetUserDetails/SearchUsers
GetUserFullName/UpdateUserByMap
AddUserGroupByMap/IsUserGroupExists
DeleteUserGroup/SearchUserGroups
GetUserGroupDetails/UpdateUserGroupByMap
Créez un code de connexion silencieuse et intégrez-le au portail d'organisation à utiliser pour la connexion au système CA Business Service Insight.
Exemple de code Gatway C# du système CA Business Service Insight (sera intégré dans le portail d'organisation)
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.ComponentModel;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Security.Cryptography.X509Certificates;
using OblicoreAuthenticationWebService;
namespace Oblicore.SSO
{
/// <summary>
/// This sample page is a sample gateway to Oblicore Guarantee(tm) application interface
/// The page should be called prior navigating to any page at Oblicore Guarantee website
/// or any page using Web Services supplied by Oblicore
/// The OblicoreGateway page should perform the following actions:
/// 1) Call Oblicore Authentication Web service in order to authenticate current user
/// 2) Call SilentLogin.asp page at Oblicore website to login silently at Oblicore website
/// and create user session context
/// 3) Redirect to desired page
/// </summary>
public partial class _Default : System.Web.UI.Page
{
/// <summary>
/// Oblicore user credentials
/// </summary>
struct UserCredentials
{
public string UserName;
public string Organization;
}
private void Page_Load(object sender, System.EventArgs e)
{
if (Request["OGSESSIONID"]!=null)
{
//We have been redirected back to this page from SilentLogin.asp after authentication.
//Save OGSESSIONID in cookie for further use
HttpCookie SessionCookie = new HttpCookie("OGSESSIONID",Request["OGSESSIONID"]);
Response.Cookies.Add(SessionCookie);
//Redirect to desired page
Response.Redirect("/");
}
else
{
//First time we enter the page.
//Let's perform authentication.
string sAuthToken = string.Empty;
// Obtain OG user name and organizations from portal user directory
UserCredentials ucOblicoreUser = GetOblicoreUserCredentials();
//Initialize Oblicore Authentication WebServce
//Project should include Web Reference to the service
//Service is located on Oblicore Guarantee website at /WebServiceN/DblicoreAuth.asmx
OblicoreAuth oAuthService = new OblicoreAuth();
// oAuthService.ClientCertificates.Add(x509);
oAuthService.Url = "https://" + "localhost" + "/WebServiceN/DblicoreAuth.asmx";
try
{
//Invoke authentication Web Service.
//The AuthenticateUser method returns encrupted token, which should be passed to
//SilentLogin.asp page, located in root folder of Oblicore Guarantee website
sAuthToken = oAuthService.AuthenticateUser(ucOblicoreUser.UserName,ucOblicoreUser.Organization);
}
catch (Exception ex)
{
//Proceed authentication error if any
Response.Write("The error has occurs during Oblicore authentication: " + ex.Message);
Response.End() ;
}
//Call SilentLogin.asp page along with passing it authentication folder
//SilentLogin.asp page is located Oblicore Guarantee website root folder
//After logging in, SilentLogin.asp page will redirect us back to the current page along with passing OGSESSIONID parameter
//Response.Redirect(ConfigurationSettings.AppSettings["OGURL"].ToString() + "/SilentLogin.asp?AuthToken="+Server.UrlEncode(sAuthToken)+"&DesiredPage="+GetCurrentPageURL());
Response.Redirect("https://vit-05/SilentLogin.asp?AuthToken=" + Server.UrlEncode(sAuthToken) + "&DesiredPage=/Oblicore.asp"); // + GetCurrentPageURL());
}
}
/// <summary>
/// Obtain Oblicore Guarantee user name and organization from portal user directory
/// The method is supposed to call ActiveDirectory or another repository using portal API
/// to obtain current user name and organization in terms of Oblicore Guarantee
/// </summary>
/// <returns>Oblicore Guarantee user credentials struct</returns>
private UserCredentials GetOblicoreUserCredentials()
{
UserCredentials ucOblicoreUser = new UserCredentials();
//currently alwasy assume user is sadmin and organization is Oblicore (default)
ucOblicoreUser.UserName = "sadmin";
ucOblicoreUser.Organization = "Oblicore";
return ucOblicoreUser;
}
/// <summary>
/// Retrieves current page URL
/// </summary>
/// <returns>Full URL of current page</returns>
private string GetCurrentPageURL()
{
string s = (Request.ServerVariables["HTTPS"]==null||Request.ServerVariables["HTTPS"].ToLower()=="off")?"http://":"https://";
s += Request.ServerVariables["SERVER_NAME"] + Request.ServerVariables["URL"];
if (Request.QueryString.ToString() != string.Empty)
{
s += "?"+Request.QueryString.ToString();
}
return s;
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.Load += new System.EventHandler(this.Page_Load);
}
#endregion
}
}
L'organigramme suivant présente aux utilisateurs le processus de synchronisation et le flux d'accès au portail. Le script de conversion est configuré pour s'exécuter périodiquement. Le script maintient la liste d'utilisateurs LDAP jusqu'à ce jour et ajoute/supprime des utilisateurs selon le besoin.
Les utilisateurs se connectent au portail d'organisation. Vous pouvez configurer le portail pour les rediriger au serveur CA Business Service Insight, ou afficher une liste d'autres applications disponibles. Le serveur CA Business Service Insight utilise les informations d'identification qui ont été fournies pendant la première connexion au portail.
|
Copyright © 2013 CA.
Tous droits réservés.
|
|