API Gateway Version September Authentication and Authorization Integration Guide
|
|
- Geoffrey Ford
- 5 years ago
- Views:
Transcription
1 API Gateway Version September 2017 Authentication and Authorization Integration Guide
2 Copyright 2017 Axway All rights reserved. This documentation describes the following Axway software: Axway API Gateway No part of this publication may be reproduced, transmitted, stored in a retrieval system, or translated into any human or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual, or otherwise, without the prior written permission of the copyright owner, Axway. This document, provided for informational purposes only, may be subject to significant modification. The descriptions and information in this document may not necessarily accurately represent or reflect the current or planned functions of this product. Axway may change this publication, the product described herein, or both. These changes will be incorporated in new versions of this document. Axway does not warrant that this document is error free. Axway recognizes the rights of the holders of all trademarks used in its publications. The documentation may provide hyperlinks to third-party web sites or access to third-party content. Links and access to these sites are provided for your convenience only. Axway does not control, endorse or guarantee content found in such sites. Axway is not responsible for any content, associated links, resources or services associated with a third-party site. Axway shall not be liable for any loss or damage of any sort associated with your use of third-party content.
3 Contents Preface 5 Who should read this guide 5 Related documentation 5 Support services 6 Training services 6 Accessibility 7 Screen reader support 7 Support for high contrast and accessible use of colors 7 1 CA SiteMinder integration 8 Flow description 8 Prerequisites 8 Configuration process 9 Configure API Gateway as the SiteMinder agent 9 Add CA binaries to API Gateway 10 Register API Gateway as the SiteMinder agent 10 Configure SiteMinder connection 12 Configure SiteMinder authentication policy 12 Create an authentication repository 12 Configure routing to the protected resource 13 Configure the SiteMinder authentication and authorization policy 13 Configure single sign-on 14 Configure custom cookie creation 14 Configure the cookie check 15 Configure SiteMinder session validation 16 Deploy the policy 17 Configure inserting a SAML authentication assertion 18 Test the policy 19 2 IBM Tivoli Access Manager integration 20 Flow description 20 Prerequisites 21 Configuration process 21 Configure API Gateway for IBM Tivoli Access Manager 21 Install the Tivoli Access Manager runtime environment 22 Generate Tivoli configuration files 22 Configure Tivoli connection 24 Upload Tivoli configuration files in Policy Studio 24 Axway API Gateway Authentication and Authorization Integration Guide 3
4 Upload Tivoli configuration files manually 25 Configure Tivoli repository 26 Configure API Gateway policy 27 Configure a Tivoli authorization policy 27 Configure a Tivoli attribute retrieval policy 28 Configure a Tivoli demo setup 29 Create a Tivoli objectspace 29 Add users and web services to Tivoli 29 Axway API Gateway Authentication and Authorization Integration Guide 4
5 Preface API Gateway contains a set of message filters that directly or indirectly restrict access to resources or web services. Filters that directly control access include XML-signature verification, CA certificate chain verification, and SAML assertion verification. With these filters, policy decisions are made and enforced within API Gateway itself. Filters that indirectly control access offload the policy decision to an external access management system. With these filters, the policy decision is made by the external system but then enforced by API Gateway. API Gateway can leverage your existing Identity Management infrastructure, thus avoiding the need to maintain separate silos of user information. For example, if you already have a database full of user credentials, API Gateway can authenticate requests against this database rather than using its own internal user store. Similarly, the API Gateway can authorize users, look up user attributes, and validate certificates against third-party Identity Management servers. This guide describes how to configure API Gateway to integrate with the following products: CA SiteMinder see CA SiteMinder integration on page 8. IBM Tivoli Access Manager for e-business see IBM Tivoli Access Manager integration on page 20 Who should read this guide The intended audience for this guide is personnel in charge of the technical integration of an API Gateway solution. Related documentation The following reference documents are available on the Axway Documentation portal at API Management Concepts Guide This guide describes how API Gateway, API Manager, and API Portal are used to publish, promote, and manage APIs in a secure and scalable environment. API Management Plus Concepts Guide This guide describes how AxwayAPI Management Plus is used to create APIs from cloud applications and on-premise services, control the use of APIs, and enable self-service consumption of APIs. Axway API Gateway Authentication and Authorization Integration Guide 5
6 Preface Axway Supported Platforms Lists the different operating systems, databases, browsers, and thick client platforms supported by each Axway product. Axway Interoperability Matrix Provides product version and interoperability information for Axway products. Support services The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements. support@axway.com or visit Axway Support at See "Troubleshoot your API Gateway installation" in the API Gateway Administrator Guide for the information that you should be prepared to provide when you contact Axway Support. Training services Axway offers training across the globe, including on-site instructor-led classes and self-paced online learning. For details, go to: Axway API Gateway Authentication and Authorization Integration Guide 6
7 Accessibility Axway strives to create accessible products and documentation for users. This documentation provides the following accessibility features: Screen reader support on page 7 Support for high contrast and accessible use of colors on page 7 Screen reader support Alternative text is provided for images whenever necessary. The PDF documents are tagged to provide a logical reading order. Support for high contrast and accessible use of colors The documentation can be used in high-contrast mode. There is sufficient contrast between the text and the background color. The graphics have the right level of contrast and take into account the way color-blind people perceive colors. Axway API Gateway Authentication and Authorization Integration Guide 7
8 CA SiteMinder integration 1 CA SiteMinder is a centralized web access management system that provides user authentication and single sign-on, policy-based authorization, identity federation, and auditing of access to web applications and portals. This section describes how to configure API Gateway to authenticate and authorize end users using CA SiteMinder CA SiteMinder authenticates end users and authorizes them to access protected web resources. API Gateway can request SiteMinder to authenticate end users using the user profiles stored in the SiteMinder server. SiteMinder decides whether the user should be authenticated, and API Gateway then enforces this decision. API Gateway can also request SiteMinder to make authorization decisions on behalf of end users that have successfully authenticated to API Gateway. For more information on CA SiteMinder, go to the CA Technologies website. Flow description SiteMinder authentication flow starts when an end user uses browser to attempt to access a resource protected with CA SiteMinder on API Gateway. First, API Gateway checks if the request from the user contains a valid session cookie for SiteMinder. If API Gateway does not find a valid session cookie the flow is as follows: 1. End user is prompted to provide the login credentials. 2. API Gateway forwards the credentials to SiteMinder. 3. SiteMinder decides whether the user is authenticated and authorized for the requested resource. If the authentication is successful, SiteMinder returns a session cookie and a response to API Gateway. 4. API Gateway stores the session cookie from SiteMinder in the siteminder.session message attribute and creates a custom cookie. 5. API Gateway returns a message with the cookie and a success response to the end user, and authorizes the user to access the requested resource. On subsequent requests to access the protected resource, the end user sends the cookie to API Gateway in the request message. API Gateway retrieves the cookie and validates it against SiteMinder. The end user stays authenticated for the entire lifetime of the session cookie. As long as the session cookie is valid, API Gateway does not need to re-authenticate the end user against SiteMinder for every request. This increases throughput and performance considerably. Prerequisites Before you start, you must have the following: Axway API Gateway Authentication and Authorization Integration Guide 8
9 1 CA SiteMinder integration API Gateway installed CA SiteMinder installed and configured For more details on the installation and the initial configuration of CA SiteMinder, see the CA SiteMinder documention. It is recommended you familiarize yourself with this documentation before you start integrating API Gateway with CA SiteMinder. Configuration process The example policy is build in stages, starting with a simple authentication and authorization policy for SiteMinder that is then refined by adding further filters. The example policy uses HTTP Basic to authenticate the end user, but you can replace it with another authentication mechanism, if required. The following steps are required to integrate API Gateway with CA SiteMinder: 1. Configure API Gateway as the SiteMinder agent on page 9. Configure API Gateway as the SiteMinder agent on page 9. Register API Gateway as the SiteMinder agent on page Configure SiteMinder connection on page Configure SiteMinder authentication policy on page 12. Create an authentication repository on page 12. Configure routing to the protected resource on page 13. Configure the SiteMinder authentication and authorization policy on page Configure single sign-on on page 14. Configure custom cookie creation on page 14. Configure the cookie check on page 15. Configure SiteMinder session validation on page 16. Configure API Gateway as the SiteMinder agent This section describes how to configure API Gateway to act as an agent for CA SiteMinder. Add CA binaries to API Gateway on page 10 Register API Gateway as the SiteMinder agent on page 10 o Register agent on Windows on page 10 o Register agent on UNIX/Linux on page 11 Axway API Gateway Authentication and Authorization Integration Guide 9
10 1 CA SiteMinder integration Add CA binaries to API Gateway Integration with CA SiteMinder requires CA SiteMinder SDK version sp02 or later. You must add the required third-party binaries to your API Gateway installation. 1. Ensure that any SiteMinder binaries you may have previously added to API Gateway have been deleted. 2. Install CA SiteMinder SDK. 3. Copy the following jar files from the java directory of the CA SDK : cryptoj.jar smagentapi.jar smjavasdk2.jar 4. Add the files to the following directory on API Gateway: On Windows: INSTALL_DIR\apigateway\ext\lib On UNIX/Linux: INSTALL_DIR/apigateway/<platform>/lib 5. Restart API Gateway. Register API Gateway as the SiteMinder agent Before API Gateway can act as a Policy Enforcement Point (PEP) for SiteMinder, you must register API Gateway as an agent for CA SiteMinder Policy Server. With the smreghost tool, you can register the agent from the command line, and create the SmHost.conf file. The agent needs to be registered on the machine running the API Gateway instance. You must run the smreghost tool separately on each individual API Gateway instance. The SmHost.conf file is generated in the same directory as the smreghost tool. Before you start, you need the following information on your CA SiteMinder Policy Server: IP address Login credentials (user name and password) Host Configuration Object name To obtain this information, contact your SiteMinder administrator. Register agent on Windows 1. Open a command prompt to INSTALL_DIR\apigateway\ext\lib. 2. Run the smreghost tool as follows: smreghost -i <CA SiteMinder host> -u <user name> -p Axway API Gateway Authentication and Authorization Integration Guide 10
11 1 CA SiteMinder integration <password> -hc <Host Configuration Object name> hn <hostname> For example: smreghost -i u GatewayAgent -p XXXXXX - hc V6HostConfObject hn apigateway.axway.int The hostname must be the fully qualified machine name of the host machine running API Gateway. 3. To enable debug output from the Siteminder agent, add the following to jvm.xml if needed: <ConfigurationFragment> <VMArg name="-dsmjavasdk_log_info=true"/> </ConfigurationFragment> Register agent on UNIX/Linux 1. Go to INSTALL_DIR/apigateway/<platform>/lib. 2. Run the following: export LD_LIBRARY_PATH=INSTALL_ DIR/apigateway/<platform>/lib 3. Run the smreghost tool as follows: smreghost -i <CA SiteMinder IP address> -u <user name> -p <password> -hc <Host Configuration Object name> hn <hostname For example: smreghost -i u GatewayAgent -p XXXXXX - hc V6HostConfObject hn apigateway.axway.int The hostname must be the fully qualified machine name of the host machine running API Gateway. 4. To enable debug output from the Siteminder agent, add the following to jvm.xml if needed: <ConfigurationFragment> Axway API Gateway Authentication and Authorization Integration Guide 11
12 1 CA SiteMinder integration <VMArg name="-dsmjavasdk_log_info=true"/> </ConfigurationFragment> Configure SiteMinder connection This section describes how to configure API Gateway to connect to CA SiteMinder using Policy Studio. For more details on working in Policy Studio, see API Gateway Policy Developer Guide. Before you start, you need the following information for your CA SiteMinder Policy Server: Web Agent name Agent Configuration Object name To obtain this information, contact your SiteMinder administrator. 1. In the node tree, click Environment Configuration > External Connections > SiteMinder/SOA Security Manager Connections. 2. Select Add a SiteMinder connection. 3. Enter your agent name (apigateway.axway.int) and agent configuration object name (V6HostConfObject) you created in Register API Gateway as the SiteMinder agent on page Click Browse, select the SmHost.conf file for your agent, and click OK. For more details on the fields and options in this configuration window, see "Configure SiteMinder/SOA Security Manager connections" in API Gateway Policy Developer Guide. Configure SiteMinder authentication policy This section describes how to configure an authentication policy in Policy Studio for API Gateway to authenticate to CA SiteMinder. For more details on working in Policy Studio, see API Gateway Policy Developer Guide. Create an authentication repository 1. In the node tree, click Environment Configuration > Authentication Repositories> SiteMinder Repositories. 2. Select Add a new Repository, and enter a name for your repository (for example, SiteMinder repository). 3. Set Agent Name to the agent you registered (GatewayAgent), and click OK. For more details on the fields and options in this configuration window, see "CA SiteMinder repositories" in API Gateway Policy Developer Guide. Axway API Gateway Authentication and Authorization Integration Guide 12
13 1 CA SiteMinder integration Configure routing to the protected resource 1. In the node tree, click Policies. 2. Add a new policy, and enter a name for it (Route to protected resource). 3. Open the Routing category in the palette, drag a Connect to URL filter onto the policy canvas, and enter a name for your filter (Route to protected resource). 4. Enter the URL for your protected resource, and click Finish. 5. Right click the filter, and select Set as Start. The SiteMinder authentication and authorization policy calls to this protected routing policy using a Policy Shortcut filter. For more details on the fields and options in this configuration window, see "Connect to URL" in API Gateway Policy Developer Guide. Configure the SiteMinder authentication and authorization policy This sections describes how to configure a policy to authenticate and authorize an end user existing in a CA SiteMinder repository. To start, add a new policy named, for example, SiteMinder. 1. Open the Authentication category, and drag a HTTP Basic filter onto the policy canvas. 2. Set the following, and click Finish: Credential Format: User name Repository name: <your SiteMinder repository> (SiteMinder repository) For more details on the fields and options in this configuration window, see "HTTP Basic authentication" in API Gateway Policy Developer Guide. 3. Open the CA SiteMinder category, and drag a Authorization filter onto the policy canvas. 4. Enter a name for the filter (for example, Authorize user with SiteMinder), and click Finish. For more details on the fields and options in this configuration window, see "SiteMinder authorization" in API Gateway Policy Developer Guide. 5. Open the Utility category, drag a Policy Shortcut filter onto the policy canvas. 6. Set Policy Shortcut to the routing policy you created (Route to protected resource), and click Finish. 7. Connect the filters with a success path. Axway API Gateway Authentication and Authorization Integration Guide 13
14 1 CA SiteMinder integration 8. Click on the Add Relative Path icon to create a new relative path (for example, /siteminder) that links to this policy. 9. Deploy the new configuration to API Gateway. The policy looks like this: The policy has the following flow: API Gateway authenticates the end user using HTTP Basic. API Gateway passes the end user s credentials to SiteMinder. SiteMinder authenticates the end user, authorizes the end user for the particular resource, and sends a response to API Gateway. API Gateway routes the request to a policy shortcut calling the protected resource. Configure single sign-on In a production deployment, it is not practical to authenticate and authorize each user for each request. Instead, you can configure API Gateway to store the SiteMinder session cookie for single sign-on (SSO). After an end user is successfully authenticated, API Gateway can create a custom cookie and place the SiteMinder session cookie validated for that end user as the cookie value. On later request, instead of re-authenticating the user every time, API Gateway can check if the request contains a valid session cookie. If a valid session cookie is found, the end user does not have to be authenticate again. API Gateway can also insert a SAML authorization assertion for downstream web services to consume. This section expands the previously configured SiteMinder authentication policy. To start, copy your SiteMinder authentication and authorization policy (SiteMinder), and rename it (for example, SiteMinder Single Sign-On. Configure custom cookie creation 1. Open the Conversion category, and drag a Create Cookie filter onto the policy canvas. 2. Set the following: Cookie Name: smcookie Axway API Gateway Authentication and Authorization Integration Guide 14
15 1 CA SiteMinder integration Cookie Value: ${siteminder.session} Path: / 3. Set Max-Age to how long you want the cookie to remain valid, and click Finish. 4. Connect the Authorization filter (Authorize user with SiteMinder) to the Create Cookie filter with a success path. The message attribute ${siteminder.session} was specified in Create an authentication repository on page 12. After the end user is successfully authenticated to SiteMinder, this is the message attribute that contains the end user s SiteMinder session cookie. For more details on the fields and options in this configuration window, see "Create cookie" in API Gateway Policy Developer Guide. Configure the cookie check 1. Open the Attributes category, and drag a Get Cookie filter onto the policy canvas. 2. Set the Cookie Name to smcookie. 3. Select Fail if cookie not found in the message, and click Finish. 4. Right-click the Get Cookie filter, and select Set as Start. Axway API Gateway Authentication and Authorization Integration Guide 15
16 1 CA SiteMinder integration 5. Connect the Get Cookie filter to the HTTP Basic filter with a failure path. If the request from then end user does not contain a valid SiteMinder cookie, the end user is prompted to provide login credentials. For more details on the fields and options in this configuration window, see "Get cookie" in API Gateway Policy Developer Guide. Configure SiteMinder session validation If API Gateway finds a valid session cookie from an incoming request, it uses the cookie value to validate the end user's SiteMinder session. 1. Open the CA SiteMinder category, and drag a Session Validation filter onto the policy canvas. 2. Set Agent Name to your registered SiteMinder agent (GatewayAgent). 3. Set Selector Expression to retrieve session to ${cookie.smcookie.value}, and click Finish. 4. Connect the Get Cookie filter to the Session Validation filter with a success path. 5. Connect the Session Validation filter to the Authorization filter (Authorize user with SiteMinder) with a success path. Axway API Gateway Authentication and Authorization Integration Guide 16
17 1 CA SiteMinder integration 6. Connect the Session Validation filter to the HTTP Basic filter with a failure path. If the SiteMinder session cannot be validated, the end user is prompted to provide login credentials. For more details on the fields and options in this configuration window, see "SiteMinder session validation" in API Gateway Policy Developer Guide Deploy the policy 1. Click on the Add Relative Path icon to create a new relative path (for example, /siteminder_sso) that links to this policy. 2. Deploy the new configuration to API Gateway. You have now configured a simple policy for single sign-on in SiteMinder authentication. The policy has the following flow: API Gateway checks if the request contains a valid custom cookie. If a valid custom cookie is not found, the end user is prompted to provide login credentials. If a valid custom cookie is found, API Gateway retrieves the value of the cookie and uses that to check if the end user's session cookie in SiteMinder is still valid. If the session cookie is no longer valid, the end user is prompted to provide login credentials. SiteMinder authorizes the user to access the requested resource and sends response with the SiteMinder cookie back to API Gateway. API Gateway creates a custom cookie to hold the end user's SiteMinder session cookie. API Gateway calls to the protected resource using the routing policy. API Gateway sends the response along with the custom cookie to the end user. Axway API Gateway Authentication and Authorization Integration Guide 17
18 1 CA SiteMinder integration This policy can be part of a larger policy, including features such as XML threat detection and conditional routing (not described in this guide). You can also authenticate the user with some other authentication method instead of HTTP Basic. In addition, you can add additional filters, such as messages in case of failures: Configure inserting a SAML authentication assertion You can extend the single sign-on to downstream web services, if required. After the end user is successfully authenticated and authorized, API Gateway adds a SAML authentication assertion that the web services can consume to the response message. 1. Open the Authorization category, and drag a Insert SAML Authentication Assertion filter onto the policy canvas. 2. On the Assertion details tab, select any issuer on the Issuer Name list, and set the expiry date for the SAML authentication assertion. 3. On the Assertion Location tab, make sure that Add to WS-Security Block with SOAP Actor/Role is selected and SOAP Actor/Role set to Current Actor/Role Only. 4. On the Advanced tab, select Insert SAML Attribute Statement and Indent, then click Finish. 5. Connect the filter between the Create Cookie and the Policy Shortcut filters with success Axway API Gateway Authentication and Authorization Integration Guide 18
19 1 CA SiteMinder integration paths. For more details on the fields and options in this configuration window, see "Insert SAML authorization assertion" in API Gateway Policy Developer Guide. Test the policy This section describe how to test your SiteMinder policy using a standard browser. 1. Open a web browser in private (incognito) mode to ensure no user is yet logged in. 2. Enter the URL to call your policy: address>:<port>/<path> For example: 3. Enter the login credentials. API Gateway authenticates the user against SiteMinder and returns the response along with the SiteMinder session cookie. 4. Refresh the browser to access the protected resource. Because the custom cookie (smcookie) is available this time, API Gateway does not prompt for credentials. Instead of reauthentication, API Gateway validates the cookie against the SiteMinder. The Traffic Monitor tab on the API Gateway Manager ( is an excellent place to view and troubleshoot the message flows. For more details, see "Monitor services in API Gateway Manager" in API Gateway Administrator Guide. Axway API Gateway Authentication and Authorization Integration Guide 19
20 IBM Tivoli Access Manager integration 2 IBM Tivoli Access Manager for e-business (TAM) is a commonly used product for securing web resources. You can integrate API Gateway with TAM and leverage your existing access management policies, so you do not have to maintain duplicate policies in both products. All authentication filters can pass identity credentials to TAM for authorization. At runtime, the Tivoli filters in API Gateway can delegate authentication and authorization decisions to TAM, and can also retrieve user attributes. In integration with TAM, a message filter in API Gateway forwards policy decisions to TAM. TAM makes the policy decision, and API Gateway then enforces the decision. The architecture can be seen in the following diagram. API Gateway supports integration with IBM Tivoli Access Manager for e-business v6.1 on Windows. Note Each API Gateway instance can connect to a single Tivoli server. Flow description 1. A client sends a message to API Gateway using, for example, SOAP over HTTPS. 2. API Gateway allocates the message to the appropriate policy and executes the filters. 3. Using Tivoli filters in the policy, API Gateway requests TAM to authenticate, authorize, or retrieve attributes for a given user. Axway API Gateway Authentication and Authorization Integration Guide 20
21 2 IBM Tivoli Access Manager integration 4. TAM makes the security decision based on the user information, and returns the decision to API Gateway. 5. API Gateway enforces the security decision. On success, API Gateway routes the message on to a configured target system. On failure, API Gateway blocks the message and returns an error to the client. Prerequisites IBM Tivoli Access Manager integration has the following prerequisites. An existing API Gateway installation with SP 1 installed An existing IBM Tivoli Access Manager for e-business 6.1 configuration Configuration process The example policy uses HTTP Basic to authenticate the end user, but you can replace it with another authentication mechanism, if required. The following steps are required to integrate API Gateway with IBM Tivoli Access Manager for e- business: 1. Configure API Gateway for IBM Tivoli Access Manager on page 21 Install the Tivoli Access Manager runtime environment on page 22 Generate Tivoli configuration files on page Configure Tivoli connection on page Configure Tivoli repository on page Configure API Gateway policy on page 27 Configure a Tivoli authorization policy on page 27 Configure a Tivoli attribute retrieval policy on page 28 Configure API Gateway for IBM Tivoli Access Manager This section describes how configure API Gateway for integration with IBM Tivoli Access Manager. Axway API Gateway Authentication and Authorization Integration Guide 21
22 2 IBM Tivoli Access Manager integration Install the Tivoli Access Manager runtime environment You must install the Tivoli Access Manager runtime environment on the machine running API Gateway. The runtime environment is not packaged with API Gateway, so you must install it separately. Note The Tivoli Access Manager Java runtime environment is not required. It is recommend to install the Tivoli Access Manager runtime environment using the native utilities instead of the installation wizard to ensure the Tivoli Access Manager Java runtime environment is not installed. The installation wizard requires the Tivoli Access Manager Java runtime environment even though the runtime software does not. Generate Tivoli configuration files API Gateway uses information stored in the Tivoli configuration files to connect to a Tivoli server. You can generate these configuration files using the svrsslcfg command line utility included in the Tivoli Access Manager runtime environment. For more details on this utility, see the Tivoli documentation. 1. Run the svrsslcfg utility. For example: svrsslcfg -config -f "C:\conf\config.conf" -d "C:\conf" -n apigateway -s remote -P XXXXXXXX -S YYYYYYYY -r h test.axway.com The available arguments are as follows: Argument -config Description The command that creates the configuration files required API Gateway uses to communicate with Tivoli. -f The directory and name of the main Tivoli configuration file. This command generates the file in the specified location. -d The directory where to generate the SSL key file (.kdb) for the Tivoli server. This command generates the file in the specified location. -n The name of the application connecting to the Tivoli server (API Gateway). -s The mode how the application (API Gateway) runs. The most likely scenario is that API Gateway runs remotely. Axway API Gateway Authentication and Authorization Integration Guide 22
23 2 IBM Tivoli Access Manager integration Argument Description -P The password of the Tivoli administrator. -S The password for API Gateway. This command sets the password for API Gateway on the Tivoli server. -r The listening port on API Gateway. -h The name of the host running API Gateway. 2. To add a Tivoli authorization server replica, run the following command: svrsslcfg -add_replica -f <main Tivoli config file> -h <Tivoli authorization server> For example: svrsslcfg -add_replica -f "C:\conf\config.conf" -h tivoli.axway.com API Gateway contacts this server to make authorization decisions. The following files are generated in the directory you specified: <name>.conf: the main Tivoli configuration file <name>.kdb: the SSL key file <name>.sth: the stash file for the SSL key file <name>.conf.obf: the database configuration file The files are named as you define for the main configuration file. For example: config.conf: the main Tivoli configuration file config.kdb: the SSL key file config.sth: the stash file for the SSL key file config.conf.obf: the database configuration file Note Depending on the version of API Gateway you are running, the file names might have spaces in them. After creating the configuration files you must upload them to API Gateway using Policy Studio, or manually copy the files to a location on API Gateway's file system. See Configure Tivoli connection on page 24. Axway API Gateway Authentication and Authorization Integration Guide 23
24 2 IBM Tivoli Access Manager integration Configure Tivoli connection Tivoli connections use the Tivoli configuration files to determine how a particular API Gateway instance connects to an instance of a Tivoli server. You can upload the Tivoli configuration files you generated to API Gateway and add the required connection details in the Tivoli Configuration dialog. This section describes how to configure the IBM Tivoli Access Manager (TAM) connection using Policy Studio. For more information on working in Policy Studio, see the API Gateway Policy Developer Guide. Note Each API Gateway instance can connect to a single Tivoli server. The is configured globally under the Server Settings, so it can be reused in filters and policies without the need to reconfigure details again. Upload Tivoli configuration files in Policy Studio 1. In the node tree, click Environment Configuration > Server Settings > Security > Tivoli, and select Add a Tivoli Connection. 2. Select Tivoli Connections > Add a Tivoli Connection, and enter a name on the Tivoli Configuration dialog, or select an existing Tivoli connection to base the new configuration on. 3. Set the following, and click Next: Upload Tivoli configuration files: Select this. Connection enabled: Select this to immediately enable the connection. 4. Click Load File, and select your main Tivoli configuration file (.conf). The contents of the file are displayed in the text area. 5. Change all directory paths of the configuration files in the main configuration file to the absolute paths on API Gateway, then click Next. For example: Axway API Gateway Authentication and Authorization Integration Guide 24
25 2 IBM Tivoli Access Manager integration 6. Click Load File, select the Tivoli SSL key file (.kdb), and click Next. Note The (base-64 encoded) SSL keys cannot be edited in the text area. 7. Click Load File, select the Tivoli SSL stash file (.sth), and click Next. 8. Click Load File, select Tivoli Configuration database configuration file (.conf.obf), and click Finish. 9. In the node tree, click Environment Configuration > Server Settings > Security > Tivoli, ensure the Tivoli connection you just created is selected in the drop-down list, and click Save. 10. Deploy the configuration to API Gateway to upload the files. Note When you upload the configuration files, on each startup and refresh (for example, when configuration updates are deployed), API Gateway overwrites the configuration files to INSTALL_DIR\apigateway\groups\GROUP-NUMBER\PROCESS_ NAME\conf\plugin\tivoli\PROCESS_NAME, where PROCESS_NAME is API Gateway instance. This means that any changes to the main configuration file must be made in Policy Studio, not directly to the file on the disk. Spaces in the API Gateway instance name are substituted with -, and API Gateway names each file as config.<extension>. For example, the directory, INSTALL_ DIR\apigateway\groups\group-2\instance- 1\conf\plugin\tivoli\instance-1 contains config.conf, config.kdb, config.sth, and config.conf.obf. To later disable or enable configured Tivoli connections, select the connection you want, click Edit Tivoli connection, and deselect or select Connection enabled as needed. For more details on the fields and options in this configuration window, see "Configure Tivoli connections" in API Gateway Policy Developer Guide. Upload Tivoli configuration files manually Alternatively, you can manually copy the configuration files to a location on API Gateway to upload the files and create a new Tivoli connection. To configure API Gateway to pick up the uploaded files, perform the following steps: 1. Copy the files to API Gateway's file system. Ensure that the settings in the main configuration file (.conf) pointing to the other configuration files point to the right locations. You must use the full paths to the files. For example: Axway API Gateway Authentication and Authorization Integration Guide 25
26 2 IBM Tivoli Access Manager integration 2. In the node tree in Policy Studio, click Environment Configuration > Server Settings > Security > Tivoli, and select Add a Tivoli Connection. 3. Select Tivoli Connections > Add a Tivoli Connection, and enter a name on the Tivoli Configuration dialog, or select an existing Tivoli connection to base the new configuration on. 4. Enter a name on the Tivoli Configuration dialog. 5. Set the following, and click Next: Set file location for main Tivoli Configuration file: Select this. Connection enabled: Select this to immediately enable the connection. 6. In Server-side Tivoli configuration, enter the full path to the main Tivoli configuration file (for example, INSTALL_DIR\apigateway\groups\group-2\instance- 1\conf\plugin\tivoli\instance-1\config.conf) on the API Gateway's file system, and click Finish. 7. In the node tree, click Environment Configuration > Server Settings > Security > Tivoli, ensure the Tivoli connection you just created is selected in the drop-down list, and click Save. 8. Deploy the configuration to API Gateway to upload the files. Note When the Set file location option is selected, API Gateway does not overwrite the files at startup or refresh time. You can edit the main configuration file directly using an editor of your choice. Configure Tivoli repository A Tivoli repository is used to authenticate clients against a running instance of a Tivoli server. All authentication filters can pass identity credentials to the Tivoli repository in order to authenticate clients. The Tivoli server decides if the client is authenticated, and API Gateway subsequently enforces the decision. Axway API Gateway Authentication and Authorization Integration Guide 26
27 2 IBM Tivoli Access Manager integration This section describes how to configure the IBM Tivoli Access Manager (TAM) repository using Policy Studio. For more information on working in Policy Studio, see the API Gateway Policy Developer Guide. 1. In the node tree, click Environment Configuration > External Connections > Authentication Repositories > Tivoli Repositories, and select Add a new Repository. 2. Enter a name for the repository (for example, Tivoli Repository). 3. Click Settings, ensure the correct Tivoli connection is selected, and click Finish. When configuring an authentication filter, you can select the Tivoli repository to authenticate clients against. The authentication filter uses the connection details of the API Gateway instance was selected for the repository. For more details on the fields and options in this configuration window, see "Tivoli repositories" in API Gateway Policy Developer Guide. Configure API Gateway policy This section describes how to configure policies that leverage IBM Tivoli Access Manager (TAM) in Policy Studio. For more information on working in Policy Studio, see the API Gateway Policy Developer Guide. The Tivoli authentication repository is available from all authentication filters. Here, the example policy uses the HTTP Basic authentication filter to authenticate a client against a Tivoli repository using a user name and password combination. You can configure a different authentication mechanism as required. Configure a Tivoli authorization policy 1. Add a new policy named, for example, IBM Tivoli Authorization. 2. Open the Authentication category in the palette, and drag a HTTP Basic filter onto the policy canvas. 3. Set the following, and click Finish: Credential Format: User Name. Allow client challenge: Select this. Repository Name: The repository you configured (Tivoli Repository). For more details on the fields and options in this configuration window, see "HTTP Basic authentication" in API Gateway Policy Developer Guide. 4. Right-click the HTTP Basic filter, and select Set as Start. 5. Open the Authorization category in the palette, and drag a Tivoli filter onto the policy canvas. 6. Set Object Space to your Tivoli objectspace (for example, axway/test). Axway API Gateway Authentication and Authorization Integration Guide 27
28 2 IBM Tivoli Access Manager integration 7. In Permissions, set the permissions for the client. A client is only authorized to access the requested resource if it has the relevant permissions checked in the table. 8. In Attributes, specify what user attributes, if any, to retrieve from the Tivoli server, and click Finish. For more details on the fields and options in this configuration window, see "Tivoli authorization" in API Gateway Policy Developer Guide. 9. Connect the filters with a success path. 10. Click on the Add Relative Path icon to create a new relative path (for example, /ibm_ tivoli_authorize) that links to this policy, and deploy the policy to API Gateway. Configure a Tivoli attribute retrieval policy You can use the Retrieve from Tivoli filter to retrieve user attributes independently from authorizing the user against Tivoli Access Manager. This example policy is based on the previously configured Tivoli policy. The user is authenticated, but not authorized using Tivoli. Instead, Tivoli is used just to retrieve attributes. 1. Copy the Tivoli policy you created (IBM Tivoli Authorization). 2. Rename it (for example, IBM Tivoli Attribute), and delete the Tivoli filter. 3. Open the Attributes category in the palette, and drag a Retrieve from Tivoli filter onto the policy canvas. 4. Set User ID to ${authentication.subject.id}. Using a selector here enables you to retrieve attributes for multiple end users. 5. Specify what user attributes to retrieve from the Tivoli server, and click Finish. For more details on the fields and options in this configuration window, see "Retrieve attribute from Tivoli" in API Gateway Policy Developer Guide. 6. Connect the filters with a success path. 7. Click on the Add Relative Path icon to create a new relative path (for example, /ibm_ tivoli_attribute) that links to this policy, and deploy the policy to API Gateway. Axway API Gateway Authentication and Authorization Integration Guide 28
29 2 IBM Tivoli Access Manager integration Configure a Tivoli demo setup To test or demonstrate Tivoli Access Manager integration in API Gateway, you may want to configure a test Tivoli objectspace as well as sample users and web services using the pdadmin tool. For more details on the pdadmin tool, see the pdadmin commands. Create a Tivoli objectspace 1. Open a terminal window on the machine running the Tivoli authorization server and management server. 2. Start the pdadmin tool using the following command, where mypwd is the password for the management server: > pdadmin -a sec_master -p mypwd 3. Use the objectspace create command to add a user: pdadmin> objectspace create <objectspace name> <description> 9 The parameter 9 indicates that you are adding a web resource. As the Policy Decision Point (PDP), API Gateway is responsible of mapping an attempt to access a web service to a given object. The Tivoli authorization server does not contain any mapping between its objectspace nodes and URLs. For example: pdadmin> objectspace create /axway/test "For testing purposes" 9 Add users and web services to Tivoli To authorize a user to access a web service, you must first add the user to Tivoli as follows: 1. Add the user as before using the user create command: pdadmin> user create <username> <dn> <cn> <sn> <password> Note Ensure that the DName you assign the user is identical to the DName in the user's certificate. 2. Insert the server that runs your web service into Tivoli's objectspace using the following command: pdadmin> object create /apigateway/<object-name> <description> 9 Axway API Gateway Authentication and Authorization Integration Guide 29
30 2 IBM Tivoli Access Manager integration 3. To bind the user and the object, create an ACL for the object, and add the user to that list: pdadmin> acl create <acl-name> pdadmin> acl modify <acl-name> set user <username> rx pdadmin> acl attach <object-name> <acl-name> 4. To view the details of a user, use the following commands: >user show <username> >objectspace list >acl show <acl-name> For more details on this utility, see the pdadmin commands. Axway API Gateway Authentication and Authorization Integration Guide 30
CA SiteMinder. Agent for JBoss Guide SP1
CA SiteMinder Agent for JBoss Guide 12.52 SP1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your
More informationEMC Unisphere 360 for VMAX
EMC Unisphere 360 for VMAX Version 8.4.0 Online Help (PDF version) Copyright 2016-2017 EMC Corporation All rights reserved. Published May 2017 Dell believes the information in this publication is accurate
More informationSetup and Configure the Siteminder Policy Store with Dxmanager
One CA Plaza Islandia, NY 11749 T +1 631 342 6000 F +1 631 342 6800 ca.com June 20, 2013 Customer Request Number: N/A System/Application: Policy Server Module: Siteminder Policy Store with DXmanager Request
More informationConfiguring a Secure Access etrust SiteMinder Server Instance (NSM Procedure)
Configuring a Secure Access etrust SiteMinder Server Instance (NSM Procedure) Within the Secure Access device, a SiteMinder instance is a set of configuration settings that defines how the Secure Access
More informationHow to Integrate CA SiteMinder with the Barracuda Web Application Firewall
How to Integrate CA SiteMinder with the Barracuda Web Application Firewall Overview CA/Netegrity SiteMinder provides an infrastructure for centralized and secure policy management of websites. It uniquely
More informationCA SiteMinder. Agent for JBoss Guide. r12.1 SP3. Third Edition
CA SiteMinder Agent for JBoss Guide r12.1 SP3 Third Edition This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationInstallation Guide. Unisphere Central. Installation. Release number REV 07. October, 2015
Unisphere Central Release number 4.0 Installation 300-013-602 REV 07 October, 2015 Introduction... 2 Environment and system requirements... 2 Network planning...4 Download Unisphere Central...6 Deploy
More informationetrust SiteMinder Agent r5.5 for BEA WebLogic 9.0 etrust SiteMinder Agent for BEA WebLogic Guide
etrust SiteMinder Agent r5.5 for BEA WebLogic 9.0 etrust SiteMinder Agent for BEA WebLogic Guide This documentation (the Documentation ) and related computer software program (the Software ) (hereinafter
More informationCA SiteMinder. Agent for JBoss Guide 12.51
CA SiteMinder Agent for JBoss Guide 12.51 This Documentation, which includes embedded help systems and electronically distributed materials (hereinafter referred to as the Documentation ), is for your
More informationCA SiteMinder Web Services Security
CA SiteMinder Web Services Security WSS Agent for IBM WebSphere Guide 12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as
More informationKB 2449 CA Wily APM security example: CA SiteMinder for authentication with CA EEM for authorization
This article describes how you can perform a CA SiteMinder basic set up and configuration to provide CA Wily APM authentication before deploying CA EEM for. This example describes these tasks: Configure
More informationetrust SiteMinder Connector for Oracle Solutions Architecture, Installation and Configuration Guide For UNIX Version 1.6 (Rev 1.
etrust SiteMinder Connector for Oracle Solutions Architecture, Installation and Configuration Guide For UNIX Version 1.6 (Rev 1.1) October 2006 CA Inc. Solution Engineering Team 100 Staples Drive Framingham,
More informationetrust SiteMinder Agent r6.0 for IBM WebSphere
etrust SiteMinder Agent r6.0 for IBM WebSphere SiteMinder Agent for IBM WebSphere Guide r6.0 This documentation (the Documentation ) and related computer software program (the Software ) (hereinafter collectively
More informationDell EMC Unisphere 360
Dell EMC Unisphere 360 Version 9.0.1 Installation Guide REV 02 Copyright 2014-2018 Dell Inc. or its subsidiaries. All rights reserved. Published October 2018 Dell believes the information in this publication
More informationCA SiteMinder Federation Standalone
CA SiteMinder Federation Standalone Installation and Upgrade Guide r12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as
More informationEMC Unisphere 360 for VMAX
EMC Unisphere 360 for VMAX Version 8.3.0 Installation Guide REV 01 Copyright 2014-2016 EMC Corporation. All rights reserved. Published in the USA. Published September 2016 EMC believes the information
More informationVideo Media Center - VMC 1000 Getting Started Guide
Video Media Center - VMC 1000 Getting Started Guide Video Media Center - VMC 1000 Getting Started Guide Trademark Information Polycom, the Polycom logo design, Video Media Center, and RSS 2000 are registered
More informationIntegrating CA (formerly Netegrity) SiteMinder 6.0 with IBM Lotus Connections 2.0
Integrating CA (formerly Netegrity) SiteMinder 6.0 with IBM Lotus Connections 2.0 Xin BJ Xu IBM Software Group, WPLC Beijing, China Xiao Feng Yu IBM Software Group, WPLC Staff Software Engineer Shanghai,
More informationCA SITEMINDER OVERVIEW
info@tutionbooks.com CA SITEMINDER OVERVIEW www.tutionbooks.com Session Overview 1 2 3 4 Concept of application Security Requirement of Siteminder Features of siteminder Basic of request to access an application
More informationTivoli/Plus for ADSM 1.0
Tivoli/Plus for ADSM 1.0 8 Tivoli/Plus for??? Release Notes Tivoli/Plus for ADSM 1.0 System Requirements The Tivoli/Plus for ADSM module provides management of the ADSM version 1.2 server application and
More informationEMC Unisphere 360 for VMAX
EMC Unisphere 360 for VMAX Version 8.4.0 Installation Guide REV 01 Copyright 2014-2017 EMC Corporation All rights reserved. Published May 2017 Dell believes the information in this publication is accurate
More informationSupports full integration with Apollo, Galileo and Worldspan GDS.
FEATURES GENERAL Web-based Solution ALL TRAVELPORT GDS Supports full integration with Apollo, Galileo and Worldspan GDS. GRAPHICAL INTUITIVE WEB EXPERIENCE Intuitive web experience for both GDS expert
More informationWHAT S NEW in 7.9 RELEASE NOTES
7.9 RELEASE NOTES January 2015 Table of Contents Session Usability...3 Smarter Bookmarks... 3 Multi-Tabbed Browsing... 3 Session Time Out Pop Up... 4 Batch No Show Processing...5 Selecting a Guarantee
More informationOTP SERVER NETEGRITY SITEMINDER 6. Rev 1.0 INTEGRATION MODULE. Copyright, NordicEdge, 2005 O T P S E R V E R I N T E G R A T I O N M O D U L E
OTP SERVER INTEGRATION MODULE NETEGRITY SITEMINDER 6 Copyright, NordicEdge, 2005 www.nordicedge.se Copyright, 2005, NordicEdge AB Page 1 of 11 1 Introduction 1.1 OTP Server Overview Nordic Edge OTP Server
More informationMyTraveler User s Manual
MyTraveler User s Manual MyTraveler is the DataTraveler Elite tool that enables you to access and customize your DataTraveler Elite through the MyTraveler Console. Messages and prompts guide you through
More informationELOQUA INTEGRATION GUIDE
ELOQUA INTEGRATION GUIDE VERSION 2.2 APRIL 2016 DOCUMENT PURPOSE This purpose of this document is to guide clients through the process of integrating Eloqua and the WorkCast Platform and to explain the
More informationMYOB EXO OnTheGo. Release Notes 1.2
MYOB EXO OnTheGo Release Notes 1.2 Contents Introduction 1 What s New in this Release?... 1 Installation 2 Pre-Install Requirements... 2 Installing the EXO API... 2 Installing EXO OnTheGo... 2 New Features
More informationUser Guide for E-Rez
User Guide for E-Rez Table of Contents Section 1 Using E-Rez... 3 Security & Technical Requirements... 3 Logging on to E-Rez... 4 Verify Your Profile... 4 Section 2 Travel Center... 5 Familiarize yourself
More informationCruisePay Enhancements for 2005 Training Guide Version 1.0
CruisePay Enhancements for 2005 Training Guide Version 1.0 Royal Caribbean Cruises Ltd. 2004 i 9/8/2005 Table of Content: 1 Overview 1 1.1 Purpose: 2 1.2 Assumptions: 2 1.3 Definitions: 2 2 Web Application
More informationRSA SecurID Ready Implementation Guide
RSA SecurID Ready Implementation Guide Last Modified Thursday, May 08, 2003 1. Partner Information Partner Name Web Site Product Name Version & Platform Product Description Product Category Netegrity,
More informationICTAP Program. Interoperable Communications Technical Assistance Program. Communication Assets Survey and Mapping (CASM) Tool Short Introduction
ICTAP Program Interoperable Communications Technical Assistance Program Communication Assets Survey and Mapping (CASM) Tool Short Introduction Outline Overview General Information Purpose Security Usage
More informationCASS & Airline User Manual
CASSLink AWB Stock Management System CASS & Airline User Manual Version 2.11 (for CASSLink Version 2.11) Version 2.11 1/29 March 2009 CASSLink Stock Management Table of Contents Introduction... 3 1. Initialising
More informationManagement System for Flight Information
Management System for Flight Information COP 5611 Chantelle Erasmus Page 1 of 17 Project Phases Design Phase (100 percent complete)... 3 Initial Implementation and Testing Phase (90 percent complete)...
More informationFederal GIS Conference February 10 11, 2014 Washington DC. ArcGIS for Aviation. David Wickliffe
Federal GIS Conference 2014 February 10 11, 2014 Washington DC ArcGIS for Aviation David Wickliffe What is ArcGIS for Aviation? Part of a complete system for managing data, products, workflows, and quality
More informationIBM Tivoli Storage Manager Version Configuring an IBM Tivoli Storage Manager cluster with IBM Tivoli System Automation for Multiplatforms
IBM Tivoli Storage Manager Version 7.1.1 Configuring an IBM Tivoli Storage Manager cluster with IBM Tivoli System Automation for Multiplatforms IBM Tivoli Storage Manager Version 7.1.1 Configuring an
More informationInHotel. Installation Guide Release version 1.5.0
InHotel Installation Guide Release version 1.5.0 Contents Contents... 2 Revision History... 4 Introduction... 5 Glossary of Terms... 6 Licensing... 7 Requirements... 8 Licensing the application... 8 60
More informationFAASafety.gov Help Manual for WINGS - Pilot Proficiency Program Federal Aviation Administration May 1, 2007
FAASafety.gov Help Manual for WINGS - Pilot Proficiency Program Federal Aviation Administration May 1, 2007 Gold Systems Inc. FAASafety.gov WINGS Pilot Proficiency Program 1 FAASafety.gov Help Manual for
More informationBonita Workflow. Getting Started BONITA WORKFLOW
Bonita Workflow Getting Started BONITA WORKFLOW Bonita Workflow Getting Started Bonita Workflow v3.0 Software January 2007 Copyright Bull SAS Table of Contents Chapter 1. New Features for Workflow...1
More informationSpecial edition paper Development of a Crew Schedule Data Transfer System
Development of a Crew Schedule Data Transfer System Hideto Murakami* Takashi Matsumoto* Kazuya Yumikura* Akira Nomura* We developed a crew schedule data transfer system where crew schedule data is transferred
More informationFliteStar USER S GUIDE
FliteStar USER S GUIDE 2003 Jeppesen Sanderson, Inc. All rights reserved. Printed in the United States of America. No part of this publication may be reproduced, stored in a retrieval system, or transmitted,
More informationMyFBO Help. Contents TRAINING ONLY
MyFBO Help Updated: July 25,2011 The online help menu works well to find most answers and explanations how to use the system. Simply click on the blue question mark symbol on the top right corner of MyFBO.com.
More informationMARKETO INTEGRATION GUIDE
MARKETO INTEGRATION GUIDE VERSION 1.2 JANUARY 2016 DOCUMENT PURPOSE This purpose of this document is to guide clients through the process of integrating Marketo and the WorkCast Platform. DOCUMENT CONTROL
More informationUser Reference Manual
User Reference Manual Of Food Licensing & Registration System (FLRS) (Version 2.0) For Food Business Operator (FBO) 1 1. Login Page Type the URL: - http://foodlicensing.fssai.gov.in and first create Username
More informationQuickStart Guide. Concur Premier: Travel
QuickStart Guide Concur Premier: Travel Proprietary Statement This document contains proprietary information and data that is the exclusive property of Concur Technologies, Inc., Redmond, Washington. If
More informationINTERNATIONAL CIVIL AVIATION ORGANIZATION AFI REGION AIM IMPLEMENTATION TASK FORCE. (Dakar, Senegal, 20 22nd July 2011)
IP-5 INTERNATIONAL CIVIL AVIATION ORGANIZATION AFI REGION AIM IMPLEMENTATION TASK FORCE (Dakar, Senegal, 20 22nd July 2011) Agenda item: Presented by: Implementation of a African Regional Centralised Aeronautical
More informationOperations Manual. FS Airlines Client User Guide Supplement A. Flight Operations Department
Restricted Circulation Edition 1.0 For use by KORYO Air & KORYO Connect Pi Operations Manual FS Airlines Client User Guide Supplement 1. 1022 14A This manual has been approved by and issued on behalf of:
More informationAmadeus Selling Platform Timatic User Guide
Amadeus Selling Platform Timatic User Guide amadeus.com YOUR USE OF THIS DOCUMENTATION IS SUBJECT TO THESE TERMS Use of this documentation You are authorised to view, copy, or print the documentation for
More informationAngel Flight Information Database System AFIDS
Pilot s Getting Started Guide Angel Flight Information Database System AFIDS Contents Login Instructions... 3 If you already have a username and password... 3 If you do not yet have a username and password...
More informationThe implications of. Simon Willison Google Tech Talk, 25th June 2007
The implications of Simon Willison Google Tech Talk, 25th June 2007 Who here has used OpenID? Who uses it regularly? What is OpenID? OpenID is a decentralised mechanism for Single Sign On What problems
More informationPhytclean Guide: How to apply for phytosanitary (special) markets
Wednesday, 27 June 2018 Phytclean Guide: How to apply for phytosanitary (special) markets Preamble This help file is designed for pome fruit producers registering for special markets. Please use this guide
More informationCisco CMX Cloud Proxy Configuration Guide
Cisco CMX Cloud Proxy Configuration Guide Overview Welcome to Cisco Connected Mobility Experiences (CMX) in the cloud. CMX Cloud is essentially running the CMX software in a Cisco supported and maintained
More informationPreliminary Staff User s Manual. CASSi The Computerized Aircraft Scheduling System Rev. 1.28a. February 10, 2001
CASSi The Computerized Aircraft Scheduling System Rev. 1.28a February 10, 2001 Page 1 of 37 June 25, 2000 Introduction CASSi is the Computerized Aircraft Scheduling System, an Internet based system that
More informationA New Way to Work in the ERCOT Market
Siemens Energy, Inc. Power Technology Issue 111 A New Way to Work in the ERCOT Market Joseph M. Smith Senior Staff Business Development Specialist joseph_smith@siemens.com In recent months The Electric
More informationPSS Integrating 3 rd Party Intelligent Terminal. Application Note. Date December 15, 2009 Document number PSS5000/APNO/804680/00
PSS 5000 Application Note Integrating 3 rd Party Intelligent Terminal Date December 15, 2009 Document number PSS5000/APNO/804680/00 Doms A/S Formervangen 28 Tel. +45 4329 9400 info@doms.dk DK-2600 Glostrup
More informationFinancial Symposium September 2018 Madrid Marriott Auditorium Hotel & Conference Center
5 World th Financial Symposium 17 20 September 2018 Madrid Marriott Auditorium Hotel & Conference Center 7 th SIS General Meeting 18 th September 2018 Madrid Marriott Auditorium Hotel & Conference Center
More informationBaggage Reconciliation System
Product Description PD-TS-105 Issue 1.0 Date January 2015 The purpose of this product description is to enable the customer to satisfy himself as to whether or not the product or service would be suitable
More informationConcur Travel: Post Ticket Change Using Sabre Automated Exchanges
Concur Travel: Post Ticket Change Using Sabre Automated Exchanges Travel Service Guide Applies to Concur Travel: Professional/Premium edition TMC Partners Direct Customers Standard edition TMC Partners
More informationBy Prabath Siriwardena, WSO2
By Prabath Siriwardena, WSO2 Why OpenID??? Too many passwords Duplicated profiles everywhere Oops..!!! My favorite user name GONE!!! Why OpenID??? OpenID solves them all!!! Single user name/password Single
More informationHelpAndManual_unregistered_evaluation_copy AirLog Pilot Logbook V3
HelpAndManual_unregistered_evaluation_copy AirLog Pilot Logbook V3 HelpAndManual_unregistered_evaluation_copy AirLog Pilot Logbook V3 Version 3 LLTSoftware.com AirLog pilot logbook for Windows provides
More informationScott Silveira, District 5 Supervisor SOCIAL MEDIA POLICIES AND PROCEDURES
Scott Silveira, District 5 Supervisor SOCIAL MEDIA POLICIES AND PROCEDURES PURPOSE Scott Silveira, District 5 Supervisor,recognizes a need to augment his traditional communication methods with the use
More informationTravel Agent - User Guide
Travel Agent - User Guide Amadeus Fare World Contents Amadeus Fare World... 3 Search screen... 4 Standard Search... 4 Open Jaw search... 5 Agentweb... 5 Power Pricer (Agency Mark Up)... 6 Search functions...
More informationFOR SMALL AND MEDIUM SIZED AIRPORTS Velocity FIDS
is a FIDS solution for small and medium sized airports. It is available as an installed and as a cloud solution and it is multi airport solution. The package contains many use full features like a flight
More informationmyldtravel USER GUIDE
myldtravel USER GUIDE Rev #2 Page 2 of 37 Table of Contents 1. First-Time Login... 4 2. Introduction to the myldtravel Application... 7 3. Creating a Listing... 8 3.1 Traveller Selection... 9 3.2 Flight
More informationultimate traffic Live User Guide
ultimate traffic Live User Guide Welcome to ultimate traffic Live This manual has been prepared to aid you in learning about utlive. ultimate traffic Live is an AI traffic generation and management program
More information2018 PSO Profile Highlights and Tips. December 18, :00 3:00 PM
2018 PSO Profile Highlights and Tips December 18, 2018 2:00 3:00 PM Call Logistics The PSOPPC will be presenting the 2018 PSO Profile Highlights and Tips. Please use the chat (Ask a Question) to submit
More informationHow To Set Up and Use the SAP ME Earned Standards Feature
SAP Manufacturing Execution How-To Guide How To Set Up and Use the SAP ME s Feature Applicable Release: ME 6.0 Version 1.0 June 4, 2012 Copyright 2012 SAP AG. All rights reserved. No part of this publication
More informationPRIVACY POLICY KEY DEFINITIONS. Aquapark Wrocław Wrocławski Park Wodny S.A. with the registered office in Wrocław, ul. Borowska 99, Wrocław.
Shall enter into force on the 25th May 2018, PRIVACY POLICY Aquapark Wrocław shall endeavour to protect privacy of persons who use our services. This document has been implemented to comply with rules
More informationE: W: avinet.com.au. Air Maestro Training Guide Flight Records Module Page 1
E: help@avinet.com.au W: avinet.com.au Air Maestro Training Guide Flight Records Module Page 1 Contents Assigning Access Levels... 3 Setting Up Flight Records... 4 Editing the Flight Records Setup... 10
More informationmyidtravel Functional Description
myidtravel Functional Description Table of Contents 1 Login & Authentication... 3 2 Registration... 3 3 Reset/ Lost Password... 4 4 Privacy Statement... 4 5 Booking/Listing... 5 6 Traveler selection...
More informationAIRCRAFT SERVICE CHANGE
AIRCRAFT SERVICE CHANGE NUMBER 909 SUBJECT INDICATING / RECORDING (ATA 31) PLANEVIEW MASTER OPERATING SYSTEM SOFTWARE UPDATE DECEMBER 22, 2011 PILOTS INFORMATION SHEET PLANEVIEW MASTER OPERATING SYSTEM
More informationS-Series Hotel App User Guide
S-Series Hotel App User Guide Version 1.2 Date: April 10, 2017 Yeastar Information Technology Co. Ltd. 1 Contents Introduction... 3 About This Guide... 3 Installing and Activating Hotel App... 4 Installing
More informationIn-Service Data Program Helps Boeing Design, Build, and Support Airplanes
In-Service Data Program Helps Boeing Design, Build, and Support Airplanes By John Kneuer Team Leader, In-Service Data Program The Boeing In-Service Data Program (ISDP) allows airlines and suppliers to
More information4 REPORTS. The Reports Tab. Nav Log
4 REPORTS This chapter describes everything you need to know in order to use the Reports tab. It also details how to use the TripKit to print your flight plans and other FliteStar route data. The Reports
More informationFirewall Network and Proxy Datasheet
Firewall Network and Proxy Datasheet This document lists information about Kontiki servers that you might need for configuring firewalls and proxy servers. As Kontiki selects vendors and expands services,
More informationUM1868. The BlueNRG and BlueNRG-MS information register (IFR) User manual. Introduction
User manual The BlueNRG and BlueNRG-MS information register (IFR) Introduction This user manual describes the information register (IFR) of the BlueNRG and BlueNRG-MS devices and provides related programming
More informationConcur Travel User Guide
Concur Travel User Guide Table of Contents Updating Your Travel Profile... 3 Travel Arranger... 3 Access... 3 Book a Flight... 5 Step 1: Start the Search... 5 Step 2: Select a flight... 7 Step 3: Select
More informationConcur Travel: User Supplied Hotels
Concur Travel: User Supplied Hotels Travel Service Guide Applies to Concur Travel: Professional/Premium edition TMC Partners Direct Customers Standard edition TMC Partners Direct Customers Contents User
More informationQuick Reference Guide Version
Quick Reference Guide Version 2013.1 400 Minuteman Road Andover, MA 01810 USA Tel 978.983.6300 Fax 978.983.6400 Edgbaston House (15 th Floor) 3 Duchess Place, Hagley Road Birmingham, B16 8HN United Kingdom
More informationAccompanied Travel Enhancements. Product Advisory. May 11, 2007
Accompanied Travel Enhancements Product Advisory May 11, 2007 2006 Galileo International. All rights reserved. Information in this document is subject to change without notice. No part of this publication
More informationConcur Online Booking Tool: Booking Airfare for a Guest
Concur Online Booking Tool: Booking Airfare for a Guest Process Flow (Best Practice): How To Book Your guest s Airfare using Concur: 1. Navigate to the Concur tool via the OSU Travel website (osutravel.osu.edu)
More informationCA SiteMinder Web Access Manager r12
Reference Code: TA001441SEC Publication Date: July 2008 Author: Aanchal Sabharwal, Angela Eager, and Somak Roy TECHNOLOGY AUDIT CA SiteMinder Web Access Manager r12 CA BUTLER GROUP VIEW ABSTRACT CA SiteMinder
More informationHomeport 2.0 User Guide for Public Users
Commanding Officer U.S. Coast Guard Operations Systems Center Kearneysville, WV 25430 Homeport 2.0 User Guide for Public Users Version 1.0 Draft October 17, 2017 Table of Contents 1. PREFACE...1 1.1 About
More informationPaperless Aircraft Operations - IATA s Vision and Actions - Chris MARKOU IATA Operational Costs Management
Paperless Aircraft Operations - IATA s Vision and Actions - Chris MARKOU IATA Operational Costs Management IATA s Paperless Initiatives Passenger Reservations, Ticketing and Airport Processes e-ticketing
More informationMenlo Park Fire District Training Division. Unmanned Aerial System Pilot
Menlo Park Fire District Training Division TASK BOOK FOR THE POSITION OF Unmanned Aerial System Pilot Date Issued TASK BOOK ASSIGNED TO: Individuals name, assignment DATE TASK BOOK INITIATED The material
More informationManagement System for Flight Information
Management System for Flight Information COP 5611 Chantelle Erasmus Page 1 of 9 Project Phases Design Phase (100 percent complete)... 3 Initial Implementation and Testing Phase (0 percent complete)...
More informationInHotel. Installation Guide Release version 1.6.0
InHotel Installation Guide Release version 1.6.0 Contents Contents... 2 Revision History... 5 Introduction... 6 Glossary of Terms... 7 Licensing... 8 Requirements... 9 Licensing the application... 9 60
More informationQ. Can I book personal travel on the site? - The Concur site is to be used exclusively for business related travel.
Concur Travel FAQ Q. What will I use Concur Travel for? - Concur Travel is Hill-Rom s online booking tool for all of your business travel needs. It works with Travel and Transport and allows you to see
More informationPSS MVS 7.15 announcement
PSS MVS 7.15 announcement New Mainframe Software Print SubSystem MVS 7.15 AFP printing and AFP2PDF conversion Version 7.15 Bar Code + PDF Update with additional features and fixes 2880 Bagsvaerd Tel.:
More informationLS-Data. Manual. Altenrhein Luftfahrt GmbH Office Park 3 Top 312 / Postfach 90 A-1300 Wien Flughafen
LS-Data Manual Altenrhein Luftfahrt GmbH Office Park 3 Top 312 / Postfach 90 A-1300 Wien Flughafen Contents: 1. General... 2 2. Requirements... 2 3. Log In... 3 4. Cockpit crew... 4 4.1. New flight...
More informationBooking Airfare for Yourself
Travel Office: Concur Resource Guides Booking Airfare for Yourself Process Flow (Best Practice): How To Book Airfare using Concur: 1. Navigate to the Concur tool via the busfin.osu.edu/buy-schedule-travel/travel.
More informationST Electronics (Info-Software Systems) Pte Ltd. AOCS ACDM Flight Information Management (FIM) Training Guide
Pte Ltd (Regn No: 198601030N) AOCS ACDM Flight Information Management (FIM) Training Guide The information contained herein is the property of Pte Ltd and may not be copied, used or disclosed in whole
More informationComfort Pro A Hotel. User Manual
Comfort Pro A Hotel User Manual Contents ComfortPro A Hotel 5 Software Features............................................................6 Scope of Delivery.............................................................7
More informationFOR DEALER USE ONLY. Online Resource YOUR TRAINING GUIDE. Version 3.0
FOR DEALER USE ONLY Online Resource YOUR TRAINING GUIDE. Version 3.0 2 Your Training Guide Contents 1. Introduction p5 Overview 6 Training standards 7 2. Partner Training Centre p9 Getting set up 10 Logging
More informationNAIPS Internet Service Authorised NOTAM Originator User Guide Version 3.0. (To be read in addition to NIS User Guide 3.0)
NAIPS Internet Service Authorised NOTAM Originator User Guide Version 3.0 (To be read in addition to NIS User Guide 3.0) User Guide for Authorised NOTAM Originators Version 3.0 1. Introduction... 3 1.1
More informationImplementing OpenID for Your Social Networking Web Site
Implementing OpenID for Your Social Networking Web Site By David Keener http://www.keenertech.com Introduction Social networking sites are communities Communities consist of people Getting people to join
More informationUSER GUIDE Cruises Section
USER GUIDE Cruises Section CONTENTS 1. WELCOME.... CRUISE RESERVATION SYSTEM... 4.1 Quotes and availability searches... 4.1.1 Search Page... 5.1. Search Results Page and Cruise Selection... 6.1. Modifying
More informationPrecision and Basic RNAV (P-RNAV [RNP-1]/B-RNAV [RNP-5]) in Europe
King Schools Online Internet Learning Programs Precision and Basic RNAV (P-RNAV [RNP-1]/B-RNAV [RNP-5]) in Europe Pilot Certification Course SYLLABUS King Schools, Inc. 3840 Calle Fortunada San Diego,
More informationCopyright Thomson Financial Limited 2006
Getting Started Copyright Thomson Financial Limited 2006 All rights reserved. No part of this publication may be reproduced without the prior written consent of Thomson Financial Limited, 1 Mark Square,
More informationATPCO. Intended positioning on the market
Company profile Founded in 1965 Head Office address USA (Washington Dulles International Airport) Countries with offices 3 countries (USA, UK, Singapore) Main activities Number of employees Countries with
More informationCA SiteMinder Web Services Security
CA SiteMinder Web Services Security WSS Agent Guide for iplanet Web Servers 12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred
More information