Hyperion Security Integration SDK Reference

This is the security platform API specification.

See:
          Description

Packages
com.hyperion.css Provides the classes necessary to create and use the security platform and the contract that all providers must implement.
com.hyperion.css.application Provides functionality that Hyperion-based applications must implement in order to use the security platform.
com.hyperion.css.common Provides the classes necessary to store common informational elements and describe information retrieved from directory stores and utility classes.
com.hyperion.css.common.configuration Provides functionality to retrieve and use the configuration specified by each application implementing the security platform.
com.hyperion.css.i18n Provides localization support.
com.hyperion.css.spi Provides implementations of the built-in providers and the factory interface that would need to be implemented for a custom provider to be plugged into the security platform.
sampleApplications Provides the classes that make up sample programs demonstrating the implementation of the application contract and single sign-on.

 

This is the security platform API specification. This platform includes the API for the application contract enabling Hyperion applications to use external authentication and single sign on. This platform also includes the API for the provider contract that enables the development of custom authentication providers in addition to the built-in support supplied for LDAP, Windows NT LAN Manager, and Microsoft Windows Active Directory.

Security platform
A framework providing the ability for Hyperion applications to use external authentication and single sign on. To enable this functionality, the application administrator or installer needs to configure the application to be compatible with the company's own repository of users and groups (see Configuration). This reference is the API documentation for implementing the security functionality on custom Hyperion-based applications.

External authentication
The user information needed to log on to a Hyperion application is stored outside of the Hyperion application. The information is instead maintained in a corporate authentication repository.

Authentication repository
A centralized, corporate store of user and group information. May also be referred to as "directory" or "provider." The security platform provides built-in support for the following providers: Lightweight Directory Access Protocol (LDAP) Directory, Windows NT LAN Manager (NTLM), and Microsoft Active Directory (MSAD).

Single sign-on
The ability of an externally authenticated user to access multiple, linked Hyperion applications after logging on only to the first application. When the user logs in to the first Hyperion application, an encrypted token of credentials is generated by the security platform and passed back to the calling application. When the user launches secondary applications from within the first application, no further authentication is required.

Configuration
The security platform relies on an XML document to be configured by the product administrator or installer of the software. The XML document must be modified to indicate meaningful values for properties, specifying locations and attributes pertaining to the corporate authentication scenario. For configuration instructions, see the documentation for the applicable Hyperion product.

Application implementation
All or part of a program fulfilling the application contract by utilizing the application interface to the security platform. For an example, see MyApp.java in the sample applications package.

Application interface
The API interface providing functionality that custom Hyperion-based applications must implement in order to use the security platform. This interface is CSSApplicationIF in package com.hyperion.css.application.

Security platform interface
The API interface providing external authentication and single sign-on functionality to the application implementation. This interface is CSSAPIIF in package com.hyperion.css.

Security Agent
A Web Access Management Solutions provider employed by companies to manage and enforce authentication, authorization, and single sign-on. Examples: Netegrity SiteMinder, IBM Tivoli Access Manager. The Hyperion security platform enables single sign-on for a user into a web-based Hyperion application without challenging the user for credentials, as long as the Security Agent has already authenticated the user. Integration with a Security Agent requires configuration of the <securityAgent></securityAgent> element in the XML configuration file. The term Security Agent is interchangeable with Web Security Agent.

Provider interface
The API interface specifying the contract that must be implemented by a class or module to provide for interaction with a repository containing user or group information.

Provider contract
See Guidelines to Writing a Custom Provider.


Copyright 2004 Hyperion Solutions Corporation. All rights reserved.