skip to main content
Administering Hybrid Data Pipeline : Authentication : Advanced functionality for authentication services
  

Try Now

Advanced functionality for authentication services

To support more complex authentication environments, Hybrid Data Pipeline provides the following functionality.
*Linking multiple end users to a single Hybrid Data Pipeline user account
*Linking a group of users to a Hybrid Data Pipeline account using a wildcard
*Implementing a delimiter for the username credential

Linking multiple end users to a single Hybrid Data Pipeline user account

Multiple end users associated with multiple authentication services can be authenticated through a single user account. For example, an administrator may want to associate several end users with a Hybrid Data Pipeline user account named odata_users with ID of 18. The following PUT operation updates the odata_users account such that three new OData users can access Hybrid Data Pipeline through the account. Each of the new users will be authenticated against an external authentication service specified by the authServiceId property. (See Authentication API and Users API for details on working with authentication services and user accounts.)
PUT https://MyServer:8443/api/admin/users/18/authinfo
{
"authUsers": [
{
"authUserName": "internal_user",
"authServiceId": 1
},
{
"authUserName": "odata_user_1",
"authServiceId": 21
},
{
"authUserName": "odata_user_2",
"authServiceId": 43
},
{
"authUserName": "odata_user_3",
"authServiceId": 89
}
]
}

Linking a group of users to a Hybrid Data Pipeline account using a wildcard

A wildcard can be used to associate a group of end users in an external authentication service with a user account. The only supported wildcard is *, which matches any and all names. In the following example, an administrator creates a user account called support_team and uses a wildcard to associate users in an external authentication service with this account. (See Authentication API and Users API for details on working with authentication services and user accounts.)
Important: When a wildcard is used to associate end users with a Hybrid Data Pipeline user account, the Systems Configuration API must be used to implement a delimiter for the username credential.
POST https://MyServer:8443/api/admin/users
{
"userName": "support_team",
"statusInfo": {
"status": 1,
"accountLocked": false
},
"passwordInfo": {
"passwordStatus": 1,
"passwordExpiration": "2020-01-01 00:00:00"
},
"permissions": {
"roles": [
1
]
},
"authenticationInfo": {
"authUsers": [
{
"authUserName": "internal_user2",
"authServiceId": 1
},
{
"authUserName": "*",
"authServiceId": 21
}
]
}
}

Implementing a delimiter for the username credential

A delimiter can be implemented to require the inclusion of the name of the authentication service as well as the name of the end user when passing the username credential. A delimiter must be used whenever the wildcard is used to associate names from an external authentication service with a Hybrid Data Pipeline user account. A delimiter should also be required if there is a possibility of naming conflicts among end users from different external authentication services. In the following example, an administrator uses the System Configurations API to implement a delimiter.
PUT https://MyServer:8443/api/admin/configurations/1
{
"value": ":"
}
With this implementation, the username credential must take the form auth_user_name:auth_service_name (for example, user437:LDAP1).