Activating and configuring OA Framework authentication

The interface information for the OA Framework authentication is included in the Infor BI Repository Administration. However, the OA Framework authentication is registered by default only if it has been selected when creating the database.

The OA Framework provider is very similar to the LDAP provider, and most of the settings are the same. The OA Framework is used only with OA LDAP stores that contain OA Framework users and groups.

Note: This provider does not support a user name and password log-on. Applications such as Infor BI Application Studio and Infor BI Repository Administration cannot log on to repositories using this provider. You must contact your OA Framework administrator for the OA Framework-specific settings.

To activate and configure OA Framework authentication:

  1. To register the authentication system, right-click the User Management node in the tree and select the Authentication Systems command. The Authentication Systems dialog opens.
  2. Click Register. The Register Authentication System dialog opens.
  3. Select the OA Framework check box.
  4. Click OK. This activates all versions of the DLL files for the OA Framework authentication. The OA Framework authentication system is now shown in the Authentication Systems dialog.
  5. To configure the OA Framework authentication provider settings, select the OA Framework authentication system in the Authentication Systems dialog and click Properties. The OA Framework Authentication System Properties dialog opens.
  6. To enable the connection to the LDAP server, specify this information on the General tab:
    LDAP server name
    Specify the unique server name or the IP address of the server where the LDAP directory is located, for example, myldapserver.
    LDAP port number
    Specify the port number of the LDAP server.
    Unique name of the root directory
    Specify the unique name of the root directory. The default value is dc=infor,dc=com and should only be changed by the OA Framework administrator.
  7. The default values on the User and Group tabs are all valid and should only be changed by the OA Framework administrator.
  8. Specify the authentication methods that are used to access the OA Framework authentication system on the Authentication System tab:
    Basic authentication (simple bind)
    Select this check box to use Basic authentication (simple bind) in the OA Framework authentication provider.
    Secure

    Requests secure authentication. When this check box is selected, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client. When the user name and password are a null reference (Nothing in Visual Basic), ADSI binds to the object using the security context of the calling thread. This is either the security context of the user account under which the application is running or that of the client user account that the calling thread is impersonating.

    • Sealing: Encrypts data using Kerberos.
    • Signing: Verifies data integrity to ensure that the data received is the same as the data sent.
    Anonymous
    No authentication is performed.
    Use SSL
    Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit.
    Fast bind
    Specifies that ADSI will not attempt to query the Active Directory Domain Services objectClass property. Therefore, only the base interfaces that are supported by all ADSI objects will be exposed. Other interfaces that the object supports will not be available. A user can use this option to boost the performance in a series of object manipulations that involve only methods of the base interfaces. However, ADSI does not verify if any of the request objects actually exist on the server.
    Server bind
    If your ADsPath includes a server name, select this check box when using the LDAP provider. Do not select this check box for paths that include a domain name or for serverless paths. Specifying a server name without also selecting this check box results in unnecessary network traffic.
    Delegation
    Enables Active Directory Services Interface (ADSI) to delegate the user's security context. This is required for moving objects across domains.
    Read-only server
    For a WinNT provider, ADSI tries to connect to a domain controller. For Active Directory Domain Services, a selected check box indicates that a writable server is not required for a serverless binding.
  9. On the Administration tab, specify the name and password of the administrator to log on to the LDAP server.
  10. On the Encryption tab, the information that is used for the encryption of data is shown:
    Secret key
    This value must be set by the OA Framework administrator.
    Initialization vector
    This value must be set by the OA Framework administrator.
  11. Select the Show users of registered groups check box to display the OA Framework users who are registered by their group membership in the User Management of the repository database.
  12. To check the configured OA Framework authentication, click Test.
  13. To save the OA Framework Authentication System Properties, click OK.

    When you have activated and configured the OA Framework authentication system, you may add users and groups in the User Management.

    See Registering users and groups.
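
The check below is an added example, not Infor code: it takes the General and Authentication System tab choices from steps 6 and 8 as a dictionary and lists the combinations worth questioning before you click Test. The dictionary keys, the severity labels and the mapping of the check boxes onto ADSI AuthenticationTypes bit values are assumptions.

```python
# Added example: check-box names follow the Authentication System tab above;
# mapping them onto ADSI AuthenticationTypes bit values is an assumption.
ADSI_FLAGS = {
    "secure": 0x1, "use_ssl": 0x2, "read_only_server": 0x4, "anonymous": 0x10,
    "fast_bind": 0x20, "signing": 0x40, "sealing": 0x80,
    "delegation": 0x100, "server_bind": 0x200,
}
DEFAULT_ROOT = "dc=infor,dc=com"

def adsi_mask(cfg):
    """Combine the selected check boxes into one ADSI flag value."""
    return sum(bit for name, bit in ADSI_FLAGS.items() if cfg.get(name))

def audit(cfg):
    """Return (severity, message) findings for one set of tab settings."""
    f = []
    if cfg.get("anonymous"):
        f.append(("high", "Anonymous: no authentication is performed"))
    if cfg.get("basic") and not cfg.get("use_ssl"):
        f.append(("high", "simple bind without SSL sends the password in clear text"))
    if (cfg.get("signing") or cfg.get("sealing")) and not cfg.get("secure"):
        f.append(("medium", "Signing/Sealing have no effect unless Secure is selected"))
    if cfg.get("use_ssl") and cfg.get("port") == 389:
        f.append(("medium", "Use SSL selected but 389 is the standard non-TLS LDAP port"))
    if cfg.get("delegation"):
        f.append(("medium", "Delegation is only required for moving objects across domains"))
    if cfg.get("server") and not cfg.get("server_bind"):
        f.append(("low", "server name without Server bind causes unnecessary network traffic"))
    if cfg.get("fast_bind"):
        f.append(("low", "Fast bind: ADSI does not verify that objects exist"))
    if cfg.get("root", DEFAULT_ROOT).lower() != DEFAULT_ROOT:
        f.append(("low", "root directory changed; confirm with the OA Framework administrator"))
    return f

# Constructed sample settings (not taken from a real installation).
WEAK = {"server": "myldapserver", "port": 389, "root": DEFAULT_ROOT,
        "basic": True, "anonymous": True, "delegation": True}
HARDENED = {"server": "myldapserver", "port": 636, "root": DEFAULT_ROOT,
            "basic": True, "use_ssl": True, "server_bind": True}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"{name}: ADSI flags = {adsi_mask(cfg):#x}")
        for sev, msg in audit(cfg):
            print(f"  [{sev}] {msg}")
```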