Specifies the configuration needed for custom external authentication using Analytic Services libraries.
This version of the AUTHENTICATIONMODULE setting is supported for backward compatibility. It is strongly recommended that you implement the Hyperion security plaform; for more information, see Configuration for External Authentication in the security platform section.
AUTHENTICATIONMODULE module_name library_name max_wait_time default_connection_parameters@hostname:port_number
module_name | The name of the authentication module. Use the value that corresponds to the external
authentication server you plan to use:
Please contact Product Management for more information about implementing custom authentication protocols. |
library_name | The directory path and name of the library that implements the authentication protocol.
For all platforms, the library that implements the authentication protocol is
located in ARBORPATH\bin . The library name depends on the type of external authentication, and the operating system where you have installed Analytic Services.
For LDAP:
For MSAD:
|
max_wait_time | The connection timeout period, in seconds. |
default_connection_parameters | The default value is FALSE. Valid values can be anything representing private data needed to authenticate the user with the authentication protocol. For example, in an LDAP schema, default connection parameters would be the portion of the DN (Distinguished Name) other than the user name. Size of ddefault_connection_parameters cannot exceed 256 bytes. |
@ host_name: port_number |
The host name and port number of the directory server that authenticates the user.
For example, this could be the host name and port number of an LDAP directory running on the network. Note:You must type the character "@" before the host name, and type the character ":" between host name and port number. |
essbase.cfg
configuration file, use adequate
operating system security to prevent unauthorized installation of authentication
modules. Do not add AUTHENTICATIONMODULE to the client essbase.cfg
file,
as it is not involved in external authentication. Only the essbase.cfg
file on the server computer should contain AUTHENTICATIONMODULE.
Example 1
The entries in this example allow users in the group Engineers from domain yahoo.com to be authenticated on host Gorky, via port number 389, with a timeout period of 30 seconds.
AuthenticationModule LDAP essldap.dll 30 cn=Engineers, ou=Groups, dc=yahoo, dc=com@Gorky:389
Example 2
The entries in this example allow users in the group Engineers from domain yahoo.com to be authenticated on host 129.63.140.122, via port number 389, with a timeout period of 45 seconds.
AuthenticationModule MSAD essmsad.dll essmsad.lib 45 cn=Engineers, ou=Groups, dc=yahoo, dc=com@129.63.140.122:389
©2004 Hyperion Solutions Corporation. All Rights Reserved. http://www.hyperion.com |