Using Transparent Authentication with SAP IDM VDS
The Virtual Directory Server (VDS) is an interesting tool; however, like all IT tools, it’s just some interesting-sounding technology if we cannot put it into a use case for the business. With VDS, one of the things that is frequently requested is some sort of authentication for the data represented in the Virtual Directory configuration.
Of course this is not mandatory for every use case, but frequently it is required and the easiest thing to do is to leverage another Directory Server that contains users and passwords. Fortunately VDS provides something called Transparent Authorization which can be used in this case. I recently had an opportunity to work with this functionality on a recent project and thought I would share some .
One of the really cool things is that you can use this with virtually any kind of VDS implementation where VDS is being used in its LDAP representation mode (not sure if this will work for Web Services as well). So I’m not going to spend too much time talking about the greater configuration; I’ll focus more on what needs to happen for authentication to take place. If you’d like to play around with a configuration, take a look at this post, where I walk through a virtualization of the IDM Identity Store.
The first step is to set up the authentication. Note that we set the Authentication class to “MxTransparentAuthentication” by selecting the “Change…” button. Next, create two parameters as seen below, TRANSPARENT_DS and DEFAULTGROUP. These should be set, respectively, to the IP address or defined hostname of the server to be used for authentication and to the default VDS group that will be used.
Now we need to configure the pass-through part of the authentication so that the user credentials will be passed. This is done by using the asterisk ( * ) character, which is used throughout VDS as a wildcard in the configuration.
Once this is done, start the configuration (or restart it if it’s already started) and test it out as I’ve done below using Apache Directory Explorer (or the LDAP-based application / browser of your choice).
There you go, you’re ready to access your configuration based on authenticating on an external Directory Service!
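The bind test above can also be scripted. The following Python is an added example, not part of the original post or of SAP's tooling: it sends LDAPv3 simple binds and reports whether a wrong or empty password is accepted. The host, port and bind DN are supplied on the command line, and nothing about how VDS answers is assumed.

```python
import getpass, socket, sys

def _tlv(tag, value):
    # Encode one BER element; lengths of 128 or more use a 2-byte long form.
    n = len(value)
    length = bytes([n]) if n < 0x80 else bytes([0x82]) + n.to_bytes(2, "big")
    return bytes([tag]) + length + value

def _read_tlv(buf, pos=0):
    """Decode one element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                          # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def bind_request(dn, password, msg_id=1):
    """LDAPv3 simple BindRequest (RFC 4511 section 4.2)."""
    op = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, op))

def bind_result(response):
    """Return the resultCode of a BindResponse (0 success, 49 invalidCredentials)."""
    _, msg, _ = _read_tlv(response)
    _, _, pos = _read_tlv(msg)            # skip messageID
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    return int.from_bytes(_read_tlv(op)[1], "big")

def try_bind(host, port, dn, password):
    """One bind on a fresh connection; the response fits in a single read."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(bind_request(dn, password))
        return bind_result(s.recv(4096))

def audit(bind, dn, good_pw):
    """bind(dn, password) -> resultCode. Returns a list of findings."""
    findings = []
    if bind(dn, good_pw) != 0:
        findings.append("valid credentials rejected")
    if bind(dn, good_pw + "-wrong") == 0:
        findings.append("wrong password accepted")
    if bind(dn, "") == 0:
        findings.append("empty password accepted (unauthenticated bind)")
    return findings

if __name__ == "__main__":                # usage: script.py HOST PORT BIND_DN
    host, port, dn = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    print(audit(lambda d, p: try_bind(host, port, d, p), dn, getpass.getpass()) or "ok")
```

A simple bind carries the password unencrypted unless the connection is wrapped in TLS, so run this from a trusted network segment.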