Configure IDOL Server
NOTE: Mapped Security for Salesforce requires IDOL Server 12.10 or later.
This section describes the configuration changes that are required in IDOL Server to enable mapped security for documents that originate from Salesforce. For more information about configuring mapped security in IDOL Server, refer to the IDOL Document Security Administration Guide.
Content Component
The first requirement is to add a field processing rule so that the IDOL Content component can determine whether a document is protected by Salesforce security. Field processing rules are configured in the [FieldProcessing] section of the Content component configuration file.
The following example instructs the Content component to search for a field named SECURITYTYPE and check for the value SALESFORCE. You should have configured your Salesforce Connector to add this field to every document (see Retrieve and Index Access Control Lists).

[FieldProcessing]
...
29=DetectSalesforceSecurity

[DetectSalesforceSecurity]
Property=SecuritySalesforce
PropertyFieldCSVs=*/SECURITYTYPE
PropertyMatch=SALESFORCE

[SecuritySalesforce]
SecurityType=Salesforce_V4

After the Content component has determined that a document is protected by Salesforce security, it must process the ACL that the Salesforce Connector has added to the document in the AUTONOMYMETADATA field.
To process ACLs added to documents by the Salesforce Connector, configure custom mapped security (Type=AUTONOMY_SECURITY_V4_GENERIC_MAPPED). Document security is configured in the [Security] section of the Content component configuration file.

[Security]
...
6=Salesforce_V4

[Salesforce_V4]
SecurityCode=6
Library=./modules/mapped_security
Type=AUTONOMY_SECURITY_V4_GENERIC_MAPPED
ReferenceField=*/AUTONOMYMETADATA
//Logging=TRUE
//DebugDecrypt=TRUE
SecurityACLFormat=U:<U=SLEC+>:G:<G=SLEC+>
SecurityACLCheck=U=[U]?P:-,G=[G]?P:F
IndexHashedACLs=TRUE
ACLTruth=FAFAAAAA

IMPORTANT: Ensure that the SecurityACLFormat and SecurityACLCheck parameters are set exactly as shown in the example above.
Community Component
The final requirement is to configure user security so that when a user logs on to a front-end application, IDOL Server can return a security token that includes their Salesforce group memberships. User security is configured in the [Security] section of the Community component configuration file.
Add a new section for Salesforce, similar to the following example:

[Security]
7=Salesforce

[Salesforce]
DocumentSecurity=TRUE
GroupServerHost=localhost
GroupServerPort=3057
GroupServerRepository=Salesforce
SecurityFieldCSVs=username
DocumentSecurityType=Salesforce_V4
CaseSensitiveUserNames=FALSE
CaseSensitiveGroupNames=FALSE

The GroupServerHost and GroupServerPort parameters should specify the host name or IP address, and ACI port, of your OmniGroupServer. The GroupServerRepository parameter should specify the name of the repository that you created when you configured OGS (see Retrieve Security Group Information).
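
The Content and Community settings above refer to each other by name, so a mistyped section name or ACL string breaks the chain. The following Python script is an added example, not part of the IDOL documentation or product: it checks those cross-references as they appear in the examples on this page. The function names and the reduced sample configuration are constructed, and key names and values are compared exactly as written here.

```python
# Values the page says must be set exactly as shown.
REQUIRED = {"Type": "AUTONOMY_SECURITY_V4_GENERIC_MAPPED",
            "SecurityACLFormat": "U:<U=SLEC+>:G:<G=SLEC+>",
            "SecurityACLCheck": "U=[U]?P:-,G=[G]?P:F"}

def parse(text):
    """Parse IDOL-style config text into {section: {key: value}}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None and not line.startswith("//"):
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def listed(cfg, section):
    """Section names listed under numbered keys, e.g. 6=Salesforce_V4."""
    return [v for k, v in cfg.get(section, {}).items() if k.isdigit()]

def check(content_text, community_text):
    """Return a list of problems; an empty list means the settings line up."""
    content, community, problems = parse(content_text), parse(community_text), []
    # Security types assigned to documents whose field value matches SALESFORCE.
    rules = [content.get(n, {}) for n in listed(content, "FieldProcessing")]
    types = {content.get(r.get("Property"), {}).get("SecurityType")
             for r in rules if r.get("PropertyMatch") == "SALESFORCE"} - {None}
    if not types:
        problems.append("no rule assigns a SecurityType for SALESFORCE")
    for t in sorted(types):
        if t not in listed(content, "Security"):
            problems.append(f"{t} is not listed in [Security]")
        problems += [f"[{t}] {k} must be {v}" for k, v in REQUIRED.items()
                     if content.get(t, {}).get(k) != v]
    # Community must issue tokens for the same document security type.
    repos = [community.get(n, {}) for n in listed(community, "Security")]
    if not any(r.get("DocumentSecurityType") in types for r in repos):
        problems.append("no Community section has a matching DocumentSecurityType")
    return problems

# Constructed sample input, reduced from the page's two configuration examples.
SAMPLE_COMMUNITY = "[Security]\n7=Salesforce\n[Salesforce]\nDocumentSecurityType=Salesforce_V4"
SAMPLE_CONTENT = "\n".join([
    "[FieldProcessing]", "29=DetectSalesforceSecurity", "[DetectSalesforceSecurity]",
    "Property=SecuritySalesforce", "PropertyMatch=SALESFORCE", "[SecuritySalesforce]",
    "SecurityType=Salesforce_V4", "[Security]", "6=Salesforce_V4", "[Salesforce_V4]",
    *(f"{k}={v}" for k, v in REQUIRED.items())])
```

Pass the text of the two configuration files to check(); each returned string names one setting that does not match the examples on this page.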