Nortel Networks AS 5300 manual Authorization

Using the Open Provisioning Interface

Figure 9: Setting authentication headers

Authorization

After an OPI request is authenticated, the requester must also be authorized before the action is performed. Authorization has two parts: domain-level authorization and provisioning-level authorization. If either check fails, the action is not performed and a SOAP fault is sent back, indicating the reason for the failure.

Navigation

"Domain-level authorization" (page 32)

"Provisioning-level authorization" (page 32)

Domain-level authorization

Each administrator is assigned one or more domains for access and control; this assignment can be overridden by the All domain access option set during role creation. For instance, the AS 5300 system might consist of three separate domains: Widget.com, Gadget.com, and Sprocket.com. An administrator, WidgetAdmin, can be created with only Widget.com in the list of provisionable domains. This limits WidgetAdmin to provisioning activities inside the Widget.com domain and does not permit access to the other domains. Therefore, if a request from WidgetAdmin attempts to modify a user outside the Widget.com domain, it is rejected because it fails authorization. In addition, attempts to list domain information return only Widget.com information.
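The domain-level check described above can be modeled as follows. This is an added illustration, not code from the Nortel manual or the AS 5300 product. The names `Admin`, `AuthorizationFault`, `domain_of`, `authorize_domain`, and `list_domains` are hypothetical, and the `user@domain` name format, the case-insensitive exact match, and the boolean form of All domain access are assumptions.

```python
from dataclasses import dataclass


class AuthorizationFault(Exception):
    """Stands in for the SOAP fault returned when authorization fails."""


@dataclass(frozen=True)
class Admin:  # hypothetical model, not a Nortel class
    name: str
    domains: frozenset               # provisionable domains for this administrator
    all_domain_access: bool = False  # assumed boolean form of "All domain access"

    def allows(self, domain: str) -> bool:
        # Exact, case-insensitive match (assumption): no suffix or substring test.
        return self.all_domain_access or domain.lower() in {d.lower() for d in self.domains}


def domain_of(user: str) -> str:
    """Domain part of a user name, assumed to have the form user@domain."""
    local, sep, domain = user.rpartition("@")
    if not (local and sep and domain):
        raise AuthorizationFault(f"cannot determine domain of {user!r}")
    return domain


def authorize_domain(admin: Admin, target_user: str) -> str:
    """Return the target's domain if the admin may act on it, else raise."""
    domain = domain_of(target_user)
    if not admin.allows(domain):
        raise AuthorizationFault(f"{admin.name} is not authorized for {domain}")
    return domain


def list_domains(admin: Admin, system_domains: list) -> list:
    """Listings return only the domains the admin may provision."""
    return [d for d in system_domains if admin.allows(d)]


# Constructed sample data, using the names from the manual's example.
SYSTEM = ["Widget.com", "Gadget.com", "Sprocket.com"]
WIDGET_ADMIN = Admin("WidgetAdmin", frozenset({"Widget.com"}))

if __name__ == "__main__":
    print(list_domains(WIDGET_ADMIN, SYSTEM))
    try:
        authorize_domain(WIDGET_ADMIN, "bob@Gadget.com")
    except AuthorizationFault as fault:
        print("rejected:", fault)
```

A request with no determinable domain is rejected rather than defaulted to one of the administrator's domains, so the check fails closed.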

Provisioning-level authorization

The Provisioning Manager of the AS 5300 system is divided into several major categories (Domains, Users, Telephony Routes, and so on). The provisioning system enables the creation of various administrator roles

Nortel AS 5300

Nortel Application Server 5300 Application Programming Interfaces Reference

NN42040-110 01.01 Standard

11 June 2008

Copyright © 2008 Nortel Networks
