You can set up security for a third-party interface, and use IDOL Server to ensure that result documents are displayed only to people who have the appropriate privileges.
To set up security for a third-party interface

1. In the IDOL Server configuration file, create the user security types for the repositories from which data is indexed (see Configure User Security). If you want IDOL Server to perform authentication, you must include a security type that specifies the security library that IDOL Server uses for authentication.

2. In the front-end application, define the user’s security details for the user security types you have set up in IDOL Server. You can do this by creating the user in IDOL Server using the UserAdd action, and specifying the user’s security details for the repositories. For example:

   http://localhost:9000/action=UserAdd&UserName=JSmith&Password=secret123&SecurityNTUserusername=JohnS&SecurityNTUserDomain=MyCompany

   This defines a user whose autonomy user name and password are JSmith and secret123, and whose user name and domain in the repository for which the NTUser section sets up security are JohnS and MyCompany.

   Refer to the IDOL Server Reference for full details of how to use actions to define and edit users in IDOL Server.

3. When a user logs on to the system, your front-end application must communicate with IDOL Server to retrieve an encrypted string that contains the user’s security details for your repositories.

   Send a UserRead action to IDOL Server, with the SecurityInfo action parameter set to true. You must include the user’s user name and password for the repository that IDOL Server authenticates against. You must also include the domain if you are authenticating against an NT repository. For example:

   http://localhost:9000/action=UserRead&UserName=JSmith&Password=secret123&SecurityInfo=true

   If the CheckEntitlement configuration parameter is set to true, the user is also implicitly authenticated before the securityinfo string is returned.

   IDOL Server returns XML details of the user’s settings, including an encrypted security string that includes the details for all the repositories for which you have set up IDOL Server user security types.

4. Configure the front-end application to specify the encrypted security string returned in Step 3 as the value of the SecurityInfo parameter when the front-end application sends queries to IDOL Server (for example, using the Agent, Profile, Suggest and Query actions). For example:

   http://localhost:9000/action=Query&Text=accounts&SecurityInfo=encrypted_string

   Query IDOL Content with Security Information includes an example of how to use the SecurityInfo parameter.

   Refer to the IDOL Server Reference for full details of the actions that you can send to IDOL Server.
Instead of sending actions to generate the security string in the steps outlined above, you can use the ACI API to create the encrypted strings. For more information, refer to the ACI API Programming Guide.
NOTE: Actions issued through a browser must be percent-encoded, so that only unreserved characters are sent unencoded. For example, the user name us\jsmith is a valid format for IAS, but an action issued through a browser to IDOL Server must percent-encode the backslash, which is not an unreserved URL character: us%5cjsmith.
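The following Python sketch is an added example, not code from the IDOL documentation. It shows a front end building the UserRead action from Step 3, extracting the security string from the response, and passing it to a Query action as in Step 4, with every parameter value percent-encoded as the NOTE requires. The sample response, its namespace URI, the securityinfo element name, and the sample security string are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

IDOL = "http://localhost:9000/"  # host and port taken from the page's examples

# Constructed sample of a UserRead response (layout and element names assumed).
SAMPLE_USER_READ = """<autnresponse xmlns:autn="http://schemas.autonomy.com/aci/">
  <action>USERREAD</action>
  <response>SUCCESS</response>
  <responsedata>
    <autn:username>JSmith</autn:username>
    <autn:securityinfo>MTIzNA+/abc==</autn:securityinfo>
  </responsedata>
</autnresponse>"""


def action_url(action, **params):
    """Build an action URL, percent-encoding every parameter value.

    safe="" leaves only unreserved characters unencoded, so a backslash,
    '+', '/' or '=' inside a value cannot be misread by the server.
    """
    return IDOL + urlencode({"action": action, **params},
                            quote_via=quote, safe="")


def user_read_url(user_name, password):
    """Step 3: request the user's details including the security string."""
    return action_url("UserRead", UserName=user_name,
                      Password=password, SecurityInfo="true")


def extract_security_info(user_read_xml):
    """Return the encrypted security string from a UserRead response."""
    root = ET.fromstring(user_read_xml)
    for element in root.iter():
        # Compare local names so the namespace prefix does not matter.
        if element.tag.rsplit("}", 1)[-1].lower() == "securityinfo":
            value = (element.text or "").strip()
            if value:
                return value
    # Fail closed: never send a query without the user's security string.
    raise ValueError("UserRead response contains no security string")


def secured_query_url(text, security_info):
    """Step 4: attach the security string to a Query action."""
    return action_url("Query", Text=text, SecurityInfo=security_info)
```

The security string is treated as opaque: the front end passes it through unchanged and encodes it only when placing it in the URL.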