|
|
|
Requisito de organização
Utilize os usuários existentes definidos no servidor LDAP da organização. Além disso, o portal da organização é usado para o acesso e o logon no CA Business Service Insight por meio dos recursos de logon silencioso do CA Business Service Insight para os portais SSO (Single Sign On).
Defina um script de conversão de VB (Visual Basic) para a criação do usuário automático no sistema do CA Business Service Insight (sincronização LDAP). O script de conversão é usado para estabelecer conexão com o servidor LDAP da organização e extrair a lista de usuários. Os métodos do pacote de ferramentas do CA Business Service Insight são usados para a criação de usuários, grupos e funções.
Exemplo de código VB da conexão LDAP
Option Explicit On
Imports System.DirectoryServices
Public Function GetLDAPUsers(ByVal ldapServerName As String, ByVal pFindWhat As String) As ArrayList
Dim oSearcher As New DirectorySearcher
Dim oResults As SearchResultCollection
Dim oResult As SearchResult
Dim RetArray As New ArrayList
Dim mCount As Integer
Dim mIdx As Integer
Dim mLDAPRecord As String
Dim ResultFields() As String = {"securityEquals", "cn"}
Try
With oSearcher
.SearchRoot = New DirectoryEntry("LDAP://" & ldapServerName & _
"/dc=lippogeneral,dc=com")
.PropertiesToLoad.AddRange(ResultFields)
.Filter = "cn=" & pFindWhat & "*"
oResults = .FindAll()
End With
mCount = oResults.Count
If mCount > 0 Then
For Each oResult In oResults
mLDAPRecord = oResult.GetDirectoryEntry().Properties("cn").Value & " " & oResult.GetDirectoryEntry().Properties("mail").Value
RetArray.Add(mLDAPRecord)
Next
End If
Catch e As Exception
MsgBox("Error is " & e.Message)
Retornar RetArray
End Try
Retornar RetArray
End Function
Sub CheckAddUser
Dim map
Set map = Tools.GetUserDetails("acme@Test")
'Check user already exists
'Tools.AddUserByMap map
'Check with duplicate
map("UserName") = "acme2"
map("UserPassword") = "acme2"
map("UserPasswordExpirationInterval") = "50"
map("UserDescription") = "New description"
map("UserStatus") = "INACTIVE"
Tools.AddUserByMap map
Tools.Commit
End Sub
Métodos do script de conversão de VB do CA Business Service Insight
AddOrganization/IsOrganizationExists
IsRoleExists/SearchRoles
AddUserByMap/GetUserName
GetOrganizationName/IsUserExists
GetUserDetails/SearchUsers
GetUserFullName/UpdateUserByMap
AddUserGroupByMap/IsUserGroupExists
DeleteUserGroup/SearchUserGroups
GetUserGroupDetails/UpdateUserGroupByMap
Crie o código de “logon silencioso” e integre-o ao portal da organização para ser usado no logon do CA Business Service Insight.
Exemplo de código C# no gatway do CA Business Service Insight (a ser integrado ao portal da organização)
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.ComponentModel;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Security.Cryptography.X509Certificates;
using OblicoreAuthenticationWebService;
namespace Oblicore.SSO
{
/// <summary>
/// This sample page is a sample gateway to Oblicore Guarantee(tm) application interface
/// The page should be called prior navigating to any page at Oblicore Guarantee website
/// or any page using Web Services supplied by Oblicore
/// The OblicoreGateway page should perform the following actions:
/// 1) Call Oblicore Authentication Web service in order to authenticate current user
/// 2) Call SilentLogin.asp page at Oblicore website to login silently at Oblicore website
/// and create user session context
/// 3) Redirect to desired page
/// </summary>
public partial class _Default : System.Web.UI.Page
{
/// <summary>
/// Oblicore user credentials
/// </summary>
struct UserCredentials
{
public string UserName;
public string Organization;
}
private void Page_Load(object sender, System.EventArgs e)
{
if (Request["OGSESSIONID"]!=null)
{
//We have been redirected back to this page from SilentLogin.asp after authentication.
//Save OGSESSIONID in cookie for further use
HttpCookie SessionCookie = new HttpCookie("OGSESSIONID",Request["OGSESSIONID"]);
Response.Cookies.Add(SessionCookie);
//Redirect to desired page
Response.Redirect("/");
}
else
{
//First time we enter the page.
//Let's perform authentication.
string sAuthToken = string.Empty;
// Obtain OG user name and organizations from portal user directory
UserCredentials ucOblicoreUser = GetOblicoreUserCredentials();
//Initialize Oblicore Authentication WebServce
//Project should include Web Reference to the service
//Service is located on Oblicore Guarantee website at /WebServices/OblicoreAuth.asmx
OblicoreAuth oAuthService = new OblicoreAuth();
// oAuthService.ClientCertificates.Add(x509);
oAuthService.Url = "https://" + "localhost" + "/WebServices/OblicoreAuth.asmx";
try
{
//Invoke authentication Web Service.
//The AuthenticateUser method returns encrupted token, which should be passed to
//SilentLogin.asp page, located in root folder of Oblicore Guarantee website
sAuthToken = oAuthService.AuthenticateUser(ucOblicoreUser.UserName,ucOblicoreUser.Organization);
}
catch (Exception ex)
{
//Proceed authentication error if any
Response.Write("The error has occurs during Oblicore authentication: " + ex.Message);
Response.End() ;
}
//Call SilentLogin.asp page along with passing it authentication folder
//SilentLogin.asp page is located Oblicore Guarantee website root folder
//After logging in, SilentLogin.asp page will redirect us back to the current page along with passing OGSESSIONID parameter
//Response.Redirect(ConfigurationSettings.AppSettings["OGURL"].ToString() + "/SilentLogin.asp?AuthToken="+Server.UrlEncode(sAuthToken)+"&DesiredPage="+GetCurrentPageURL());
Response.Redirect("https://vit-05/SilentLogin.asp?AuthToken=" + Server.UrlEncode(sAuthToken) + "&DesiredPage=/Oblicore.asp"); // + GetCurrentPageURL());
}
}
/// <summary>
/// Obtain Oblicore Guarantee user name and organization from portal user directory
/// The method is supposed to call ActiveDirectory or another repository using portal API
/// to obtain current user name and organization in terms of Oblicore Guarantee
/// </summary>
/// <returns>Oblicore Guarantee user credentials struct</returns>
private UserCredentials GetOblicoreUserCredentials()
{
UserCredentials ucOblicoreUser = new UserCredentials();
//currently alwasy assume user is sadmin and organization is Oblicore (default)
ucOblicoreUser.UserName = "sadmin";
ucOblicoreUser.Organization = "Oblicore";
return ucOblicoreUser;
}
/// <summary>
/// Retrieves current page URL
/// </summary>
/// <returns>Full URL of current page</returns>
private string GetCurrentPageURL()
{
string s = (Request.ServerVariables["HTTPS"]==null||Request.ServerVariables["HTTPS"].ToLower()=="off")?"http://":"https://";
s += Request.ServerVariables["SERVER_NAME"] + Request.ServerVariables["URL"];
if (Request.QueryString.ToString() != string.Empty)
{
s += "?"+Request.QueryString.ToString();
}
return s;
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.Load += new System.EventHandler(this.Page_Load);
}
#endregion
}
}
O diagrama abaixo mostra o processo de sincronização de usuários e o fluxo de acessos ao portal. O script de conversão é configurado para ser executado periodicamente. O script mantém a lista de usuários de LDAP atualizada e adiciona e remove os usuários, conforme necessário.
Os usuários executam um logon no portal da organização. O portal pode ser executado para redirecioná-los para o servidor do CA Business Service Insight ou exibir uma lista dos outros aplicativos disponíveis. O servidor do CA Business Service Insight usa as credenciais fornecidas ao efetuar logon no portal inicial.
| Copyright © 2012 CA. Todos os direitos reservados. | Enviar email à CA Technologies sobre este tópico |