Configure the Community component

This section describes how to set up the Community component to produce the SecurityInfo string for you automatically.

You configure the Community component in the Community configuration file. You must set up the user security type for Community in a similar way to the one that you set up for the Content component. For example:

[UserSecurity]
DefaultSecurityType=0
DocumentSecurity=True
...
6=NT

...
		
[NT]
CaseSensitiveUserNames=False
CaseSensitiveGroupNames=False
// Authentication
Library=C:/KnowledgeDiscovery/modules/user_ntsecurity
EnableLogging=True
// Group server
DocumentSecurity=True
V4=True
GroupServerHost=127.0.0.1
GroupServerPort=3057
GroupServerPrefixDomain=True
SecurityFieldCSVs=username,domain
Domain=DOMAIN
DocumentSecurityType=NT_V4

The DocumentSecurityType parameter links the [NT] security string section to the Knowledge Discovery security type.

The GroupServerHost and GroupServerPort parameters configure Community to collect group membership information from your OmniGroupServer.

You might also need to add the GroupServerPrefixDomain and Domain parameters, depending on how the groups appear in your OmniGroupServer. When OmniGroupServer checks group membership, it uses exact string matches. If the group information in OmniGroupServer contains a domain prefix and the request from Community does not, use GroupServerPrefixDomain and Domain to ensure that OmniGroupServer uses the correct domain prefix.

TIP: You can see the actions that OmniGroupServer receives by looking at the request log:

http://localhost:3057/action=grl

As an alternative to running the grl action, you can use the Logs page in the Monitor section of Knowledge Discovery Admin to view the Request log.

Community does not send any requests until you add a user and request the security info string.

To add a user, use the UserAdd action (for more information, refer to the Community Component Help).

After you have added the user, you can retrieve the SecurityInfo string by sending the UserRead action for that user with the SecurityInfo parameter set to True.

TIP: As an alternative to running actions, you can use the Users page in the Control section of Knowledge Discovery Admin to set up and manage users.

TIP: To troubleshoot issues with the security information, you can use the UserDecryptSecurityInfo action to decrypt a security string, for example to check that it contains the right permissions and restrictions.

SecurityInfo Token Expiration

You can configure SecurityInfo tokens to expire after a particular time, by using the SecurityTokenLifetime configuration parameter. This parameter specifies the total lifetime of the token, after which a user must request a new token (for example, by logging in to an application again).

You can also configure SecurityTokenIdleTime and SecurityTokenRefreshInterval to expire tokens when a user becomes inactive. When you set these parameters, Community can refresh a token that is close to expiration, up to the configured SecurityTokenLifetime. The token also expires if the user does not send any requests before the specified SecurityTokenIdleTime.