Slide1 l.jpg
1 / 61


Uploaded on:
Category: General / Misc
TIVOLI ACCESS MANAGER FOR ENTERPRISE SINGLE SIGN ON (ESSO) (ADVANCED ACCESSPROFILING) UNIT THREE Author: Sharad Ganesh/New York/IBM Pre-requisites and goals Pre-requisite for taking this Unit
Slide 1


Slide 2

Pre-requirements and objectives Pre-essential for taking this Unit Taken the Tivoli Access Manager for ESSO fueled by Encentuate fundamental preparing and the Advanced AccessProfiling Unit One & Two modules. Utilizing the approachs as a part of Unit One, you ought to have the capacity to compose the right mark for applications, windows, controls, web components and so on. Comprehend the idea of a work process motor (otherwise known as state motor) displayed in an AccessProfile. See how to compose an AccessProfile to show the application work process of enthusiasm utilizing the accessible triggers. Acquainted with the trigger match instrument and how the state move happens reflecting the application work process of hobby. Unit Three objectives Single Sign On (SSO) catch, auto-fill and spare activities Standard work process computerization activities Understanding what you can do with the information exchange activity Graceful logoff for application(s) What would you be able to do with AccessAgent modules? (Modules as activities) Actions for obliging client access

Slide 3

Agenda (Topics secured) Recap of the state motor/work process motor execution model Understanding the idea of an activity by sample SSO activities State move Concept of an activity and work process robotization Actions for work process mechanization Actions to set a property estimation Actions to exchange information from a property or string literals to a window, control, data field and the other way around. Understanding what you can do with the information exchange activity Plugins as activities Hands on activities

Slide 4

Recap of the state motor/work process motor execution demonstrate An AccessProfile models the application work process of hobby. This work process chart for an application is known as a state motor or work process motor. The AccessProfile embodies: Events in the application work process you need to screen. What activities (if any) you need to perform when each of those occasions is gotten. We will now audit how you can feel free to comprehend picking activities to use for work process mechanization, that incorporates single sign-on, change watchword, close down and so forth

Slide 5

Understanding the idea of an activity by case AccessProfile

Slide 6

Understanding the idea of an activity by illustration proceeded with Actions

Slide 7

What is an activity? “An activity or an arrangement of actions” mechanizes dull operations (entering username, secret key, sign on, log off and so on.) for the user’s benefit as opposed to having the client do them physically each and every time. Illustration: Clicking a catch Capture and playback a user’s qualification when an application’s sign on screen is seen Keystroke mechanization Actions are executed on a trigger match When a trigger matches effectively, activities under the trigger are executed all together. Activities are executed successively. Activities can bring about era of occasions that can then match triggers in the watch list. Prior to the activities begin executing, the triggers in the following condition of the coordinated trigger are as of now added to the watch list. (Note: activities can produce occasions)

Slide 8

Capture and spare qualifications (Account information) for SSO Concept User accreditations entered in an application should be safely caught and spared in the TAM ESSO wallet for future playback. Contemplations The client accreditations (account information) can be caught from a solitary screen or over various screens. Normally username, secret word and so forth will be in agreement/screen Many situations where username is on one screen and the watchword on an alternate screen. The procedure of gathering the qualifications is termed as ‘Capture’ The procedure of really putting away the gathered certifications (‘Capture’) to the user’s TAM ESSO wallet is termed as ‘Save’. (Note: qualification in the middle of catch and spare) Three things you have to know for Capture Account information layout Authentication administration (Auth information) Account information sack (account information pack recognized by an ID) One thing you have to know for Save Account information sack (account information pack ID)

Slide 9

Capture and spare accreditations (Account information) for SSO proceeded with Account information format (Components of a certification) An accreditation comprises of ID data entered by the client to sign on. Segments of a certification regularly are: Username, Password Username, Password, space Password just (think VNC) Username, secret word & third field and so forth. Verification administration (Auth information) IS THE [Verification entity] Account information is approved against a “verification entity” Account information is put away for a “verification entity”. Account information must know the verfication substance Many applications can have the same “verification entity” Example: Lotus Notes Email application, Lotus Sametime envoy utilize the same check element. Yippee Mail, Yahoo delivery person, Yahoo gatherings utilize the same “verification entity” Many applications can utilize the area accreditations and the venture space can be the “verification entity” Account information (certification) put away in TAM ESSO wallet by “Authentication service” name. One passage in your TAM ESSO wallet per validation administration. Account information pack [Name=value pair  Account information sack id = account data] Container for record information and validation recognized by a name.

Slide 10

Authentication administration for catch (ID, name) Identifying the verification administration is MANDATORY for record information catch. Two sorts of confirmation administration for catch Direct auth data. The careful validation administration can be resolved and made when composing the AccessProfile. i.e. verification administration is steady and does not change. Confirmation administration is recognized by an ID and a name (that will be seen on the TAM ESSO wallet) when the accreditation for this auth administration is caught. Account information can utilize this direct auth data from the auth information. dropdown. Under Policies in AccessStudio, you can make this an undertaking auth administration Indirect auth information. Verification administration can be resolved from some field in the application. Verification administration changes relying upon what the client enters or chooses. Illustration: Domain name is the verification administration in Windows. It can be resolved just from the space drop-down. You can't hardcode the space name in the AccessProfile, on the grounds that client can choose what area they need to sign on to. Case: nature name could be the verification benefit, whose quality can be resolved from the site page. The client could pick a domain to sign on to. Circuitous validation administrations are as a matter of course caught as an individual verification administration for a client.

Slide 11

Authentication administration for catch (ID, name) proceeded with Indirect auth data Unlike direct auth information, which is pre-characterized and determined in your AccessProfile, a backhanded auth administration is caught at run time when the application is dispatched. Backhanded auth administration of course is caught as an individual confirmation administration for every client. Verification administration match instrument Direct auth data. – No match needed subsequent to the direct auth. Information is as of now indicated in the AccessProfile in the Capture activity. Roundabout auth data. Auth data string is caught from the application Goes through all the verification administrations in the framework and check if the “Auth information string” matches the string under “Server locators for Capture” under every confirmation administration. In the event that match is discovered, certification is caught under that validation administration. In the event that no match is discovered, this aberrant auth data string is caught as an individual validation administration for every client, with name = Auth information. String caught from the application. Server locators  pseudonyms for a validation administration  circuitous auth information strings

Slide 12

Authentication administration for catch (ID, name) proceeded with Indirect auth data as big business confirmation administration Create a New Authentication Service from AccessStudio with an ID and a name that you might want to see on the user’s wallet. Include the strings that will be caught through the roundabout auth data to the Server Locators - > Server locators to be utilized for infusion and catch. Under Policies, check “This is a venture confirmation service” to make it an endeavor verification administration. Let’s take a gander at this from AccessStudio

Slide 13

Authentication administration bunches When do I have to utilize validation administration bunches? Application can utilize more than one verification benefit No approach to figure out which validation administration to use from a rundown of confirmation administrations. Utilization case: Many areas to which client can sign on. At the log on screen, client may need to choose an area or enter the space field. Along these lines, the verification administration can't be resolved until the client really enters/chooses the one to be utilized. Utilized as a part of a Capture and Auto-fill (Inject) activity How is it utilized? Catch qualification In a “captures client credentials” activity on the off chance that you need to add the validation administration caught to a group(s), simply include the Authentication administration group(s) you need to connection this caught verification administration to. Connection is built up amid catch between verification administration and the group(s). This connection can be physically settled from AccessStudio. Auto-fill accreditation In a “Auto-fills client credentials” activity, you can indicate a rundown of group(s) from which you need the qualifications to be gotten. The accreditation alongside the real verification administration name will show up in the dialog box chooser from which the client can choose the qualification to infuse. Both the certifications and the verification administration field (auth_moniker) can be infused utilizing infusion fields

Slide 14