AutoVue Integration SDK. Security and Authentication Guide

Similar documents
AutoVue Document Print Service. Overview

Oracle Enterprise Manager

System Monitoring Plug-in Installation Guide for Microsoft Internet Information Services Release 4 ( ) Versions Supported

Primavera Portfolio Management Reporting Views for SQL Server databases

Oracle Information Rights Management Oracle IRM Windows Authentication Extension Guide 10gR3 August 2008

Oracle Enterprise Manager


Oracle Enterprise Single Sign-on Kiosk Manager

Copyright 1998, 2009, Oracle and/or its affiliates. All rights reserved.

Adaptive Risk Manager Challenge Question Cleanup 10g ( ) December 2007

Oracle AutoVue VueLink 20.0 for ENOVIA

Oracle Enterprise Manager. Description. Platforms Supported. Versions Supported

Oracle Enterprise Manager. Description. Versions Supported. Prerequisites

Oracle Enterprise Single Sign-on Kiosk Manager. User Guide Release E

2 Records Manager Updates

Oracle Workflow Builder for Windows 2000 or Windows XP. Oracle XML Gateway Message Designer for Windows 2000

Oracle Enterprise Manager. Description. Versions Supported. Prerequisites

Oracle Information Rights Management Sealed for Lotus Notes Extension 10gR3 PR3 May 2008

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Oracle Application Access Controls Governor. Release Notes Release 8.0.1

OIPA System Requirements. Oracle Insurance Policy Administration - Life Release 8.1 E May 2009

Oracle Enterprise Manager. Description. Versions Supported. System Monitoring Plug-in Installation Guide for EMC CLARiiON System Release 5 (

Oracle Database. Products Available on the Oracle Database Examples Media. Oracle Database Examples. Examples Installation Guide 11g Release 1 (11.

New Features in Primavera Professional 15.2

Oracle Fail Safe. Release for Microsoft Windows E

Oracle VueLink for Documentum

1 Important Configuration Changes

Oracle Adaptive Access Manager. 1 Oracle Adaptive Access Manager Documentation. 2 Resolved Issues. Release Notes Release 10g (

Oracle Alert Documentation Updates

GRCC Reporting Framework BIP for GRCC Admin/Implementation Guide

Oracle Enterprise Manager. Description. Versions Supported

Overview of the Plug-In. Versions Supported

USING ADMINISTRATOR FEATURES

Secure Configuration Guide

Oracle Fusion Middleware. 1 Oracle Team Productivity Center Server System Requirements. 2 Installing the Oracle Team Productivity Center Server

This section includes information on important Oracle Healthcare Data Model installation and configuration details. 1.1 Obtain and Apply IP Patch

Governance, Risk, and Compliance Controls Suite. Hardware and Sizing Recommendations. Software Version 7.2

1 Review Information About this Guide

1 Review Information About this Guide

PDF Quick Reference. Oracle Health Sciences InForm CRF Submit Release Part Number: E

Adaptive Strong Authenticator Configuration Guide 10g ( ) December 2007

2 Understanding the Discovery Mechanism

Oracle Agile Product Lifecycle Management for Process Content Synchronization and Syndication User Guide Release E

Oracle Enterprise Single Sign-on Logon Manager How-To: Configuring ESSO-LM Event Logging with Microsoft SQL Server 2005 Release

Oracle is a registered trademark, and Oracle Rdb, Oracle RMU and Oracle SQL/Services are trademark or registered trademarks of Oracle Corporation.

Oracle SQL Developer TimesTen In-Memory Database Support. Changes for Release 3.0 from Release 2.1.1

PEOPLESOFT FINANCIALS/SUPPLY CHAIN MANAGEMENT 9 MAINTENANCE PACK 13 DELTA

Oracle CADView-3D. Translator's User's Guide Release 12. Part No. B

Oracle Hospitality OPERA Exchange Interface Cloud Authentication. October 2017

JD Edwards EnterpriseOne 8.12 Standalone Client Installation Guide. for the Oracle Application Server

Copyright

Oracle Enterprise Manager

Oracle Enterprise Single Sign-on Logon Manager. Installation and Setup Guide Release E

Downloading Oracle Configuration Manager

Oracle Retail Category Management Release Notes Release April 2007

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Oracle Enterprise Manager

Oracle Enterprise Manager

1 Siebel Attachments Solution Overview

Oracle Business Intelligence Publisher. 1 Oracle Business Intelligence Publisher Certification. Certification Information 10g Release 3 (

JavaFX. JavaFX System Requirements Release E

equestionnaire User Guide

Oracle Enterprise Single Sign-on Authentication Manager

IVS Explorer User s Guide. Oracle Insurance Policy Administration - Life Release 8.1 E May 2009

Oracle Agile Engineering Data Management

Oracle Fusion Middleware

Oracle Agile Product Lifecycle Management for Process Reporting User Guide Release E

Oracle Supplier Network

Primavera Portfolio Management 9.1 Bridge for Microsoft Office Project Server 2007 Users Guide

Overview of the Plug-In. Versions Supported. Deploying the Plug-In

Getting Started with Attunity Replicate on Amazon EC2. Version 6.0

New Features in Primavera P6 16.2

Reporting User Guide. Prodika Product Lifecycle Management. Release 5.1

Oracle Enterprise Single Sign-on Provisioning Gateway

Copyright


Oracle Fusion Middleware

Oracle Enterprise Manager. Description. Platforms Supported. Versions Supported. Prerequisites

Primavera Portfolio Management 9.1 Bridge for Primavera P6 Users Guide

Defining Constants and Variables for Oracle Java CAPS Environments

Oracle Business Activity Monitoring

Oracle SQL Developer TimesTen In-Memory Database Support

Oracle Hospitality Suite8 Export to Outlook User Manual Release 8.9. July 2015

Oracle Retail Demand Forecasting Installation Guide Release 12.0 May 2006

Oracle Fusion Middleware

Oracle Enterprise Manager. Description. Versions Supported. Prerequisites

Synchronous SAP Connector

Module Code Entries Utility Oracle FLEXCUBE Universal Banking Release [December] [2016]

Oracle Insurance QuickView Service Ordering User Guide. Version 8.0

JavaFX. JavaFX System Requirements Release E

Documentation Accessibility

Oracle Enterprise Manager. Description. Versions Supported. System Monitoring Plug-in Installation Guide for EMC CLARiiON System Release 6 (

Oracle Fusion Middleware

Oracle Tuxedo Mainframe Adapter for SNA

Security Guide Release 4.0

Copyright

Siebel Application Deployment Manager Guide. Version 8.0, Rev. A April 2007

Computer Aided Compliance Screening User Guide

Oracle Utilities Advanced Spatial and Operational Analytics

Oracle Enterprise Single Sign-on Provisioning Gateway

Transcription:

AutoVue Integration SDK Security and Authentication Guide February 28, 2011

Page 2 Copyright 1998, 2011, Oracle and/or its affiliates. All rights reserved. The Programs (which include both the software and documentation) contain proprietary information; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Pro-grams, except to the extent required to obtain interoperability with other independently created software or as specified by law, is prohibited. The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. This document is not warranted to be error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose. If the Programs are delivered to the United States Government or anyone licensing or using the Programs on behalf of the United States Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the Programs, including documentation and technical data, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement, and, to the extent applicable, the additional rights set forth in FAR 52.227-19, Commercial Computer Software-Restricted Rights (June 1987). Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065. The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and we disclaim liability for any damages caused by such use of the Programs. The Programs may provide links to Web sites and access to content, products, and services from third parties. Oracle is not responsible for the availability of, or any content provided on, third-party Web sites. You bear all risks associated with the use of such content. If you choose to purchase any products or services from a third party, the relationship is directly between you and the third party. Oracle is not responsible for: (a) the quality of third-party products or services; or (b) fulfilling any of the terms of the agreement with the third party, including delivery of products or services and warranty obligations related to purchased products or services. Oracle is not responsible for any loss or damage of any sort that you may incur from dealing with any third party. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Page 3 Contents 1. Preface... 4 1.1 Audience... 4 1.2 Documentation Accessibility... 4 1.3 Accessibility of Code Examples in Documentation... 4 1.4 Accessibility of Links to Extern Web Sites in Documentation... 4 1.5 Deaf/Hard of Hearing Access to Oracle Support Services... 4 1.6 Related Documents... 5 2. Introduction... 6 3. Single Sign On (SSO) / Cookies... 6 4. Basic or NTLM Authentication... 7 5. Encryption of User Credentials... 7 6. Logging and User Info... 7 7. Feedback... 8

Page 4 1. PREFACE The AutoVue Integration SDK Security and Authentication Guide is a high-level description about security and authentication mechanisms provided in this release of Integration SDK. For the most up-to-date version of this document, go to the AutoVue Documentation Web site on the Oracle Technology Network at http://www.oracle.com/technetwork/documentation/autovue-091442.html. 1.1 Audience This document is intended for Oracle partners and third-party developers (such as integrators) who want to implement their own integration with AutoVue. 1.2 Documentation Accessibility Our goal is to make Oracle products, services, and supporting documentation accessible to all users, including users that are disabled. To that end, our documentation includes features that make information available to users of assistive technology. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility. / 1.3 Accessibility of Code Examples in Documentation Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace. 1.4 Accessibility of Links to Extern Web Sites in Documentation This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites. 1.5 Deaf/Hard of Hearing Access to Oracle Support Services To reach Oracle Support Services, use a telecommunications relay service (TRS) to call Oracle Support at 1.800.223.1711. An Oracle Support Services engineer will handle

Page 5 technical issues and provide customer support according to the Oracle service request process. Information about TRS is available at http://www.fcc.gov/cgb/consumerfacts/trs.html, and a list of phone numbers is available at http://www.fcc.gov/cgb/dro/trsphonebk.html. 1.6 Related Documents For more information, see the following documents in the AutoVue Integration SDK library: Overview Installation Guide User Guide Acknowledgments Technical Guide Javadocs

Page 6 2. INTRODUCTION AutoVue release 20.0 has security enhancements. All integrations with AutoVue will need to be updated to leverage these enhancements. AutoVue 20.0 provides security enhancement by encrypting the content of the authorization block in its request and sending only once user credentials captured such as user name and password. But cookies will be sent in all requests. AutoVue allows for backward compatibility for the 19.3-level encryption of the authorization block. That is, AutoVue will not encrypt the content of the authorization block in its request and but sends only once user credentials captured. You can enable this backward compatibility by setting options dms.vuelink.version=19.3 in file autovue.properties on the AutoVue server. This backward compatibility option will be removed in the next release of AutoVue. If you are using a 19.3-compatible integration, we recommend that you upgrade your integration to be compatible with AutoVue 20.x as soon as possible. AutoVue no longer supports backward compatibility for 19.2-level integration. To facilitate the integration with the backend system, AutoVue Integration SDK (ISDK) provides two authentication mechanisms: Single Sign On (SSO) with Cookies and Basic/NTLM/Customized Authentication. The following section is a high-level description about security and authentication mechanisms provided in this release of Integration SDK. Refer to Tech Guide for detailed information about how to implement the security and authentication mechanisms in your integration. 3. SINGLE SIGN ON (SSO) / COOKIES The Integration SDK can retrieve cookies set by Web browser when AutoVue is launched in order to achieve SSO. Browser cookies are automatically captured by AutoVue and passed to the Integration SDK inside Authorization block of AutoVue request. It is recommended to set the AutoVue applet parameter DMS_PRESERVE_COOKIES to the list of cookies needed for your integration. Setting this parameter to TRUE will direct AutoVue to pass all cookies to the Integration. For security reasons, it is not recommended to set this parameter to TRUE.

Page 7 Cookie can be retrieved from Authorization block of AutoVue request and passed to the backend DMS 4. BASIC OR NTLM AUTHENTICATION When Integration SDK fails to connect to backend DMS, it can instruct AutoVue to prompt user with Authorization dialog for basic or NTLM authentication or authentication with customized information fields. Basic authentication includes two input fields user name & password. NTLM Authentication will include three input fields user name, password & domain. Customized Authentication has customized fields. Since user credentials captured by are only sent once by AutoVue 20.1 by default, it is important for the Integration SDK to cache authentication information and retrieve them in subsequent requests. 5. ENCRYPTION OF USER CREDENTIALS AutoVue Release 20.0 contains enhanced encryption for the authorization block in its request. To support the Authorization encryption, ISDK will handle a get property request to return a value for public key. AutoVue server will use ISDK public key to encrypt entire Authorization block. AutoVue server will include its public key in the requests sending to ISDK. ISDK will then use AutoVue s public key to decrypt the content of Authorization block. All the above handling is done at the ISDK framework level and thus is transparent to your integrations based on ISDK 20. Existing interface for returning authorization elements remain unchanged. In addition to the encryption of the authorization block, the password inside the authorization block has another level of encryption. 6. LOGGING AND USER INFO For security reasons, the Integration SDK does not dump to the logs any sensitive user/password information.

Page 8 7. FEEDBACK Oracle Corp. products are designed according to your needs. We would appreciate your feedback, comments or suggestions. Contact us by e-mail or telephone. Let us know what you think. General Inquiries: Telephone: +1.514.905.8400 or +1.800.363.5805 E-mail: autovuesales_ww@oracle.com Web Site: http://www.oracle.com/us/products/applications/autovue/index.html Sales Inquiries: Telephone: +1.514.905. 8400 or +1.800.363.5805 E-mail: autovuesales_ww@oracle.com Customer Support: Web Site: http://www.oracle.com/support/index.html

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback