Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks AS 5300 manual Authorization, Domain-level authorization, Navigation

Models: AS 5300

1 54

Download 54 pages 16.04 Kb

Page 32

Authorization

32Using the Open Provisioning Interface

Figure 9

Setting authentication headers

Authorization

After the OPI request is authenticated, you must be authorized before performing the action. The authorization includes both domain-level authorization and provisioning-level authorization. If either authorization fails, a SOAP fault is sent back, indicating the reason for failure, and the action is not performed.

Navigation

•"Domain-level authorization" (page 32)

•"Provisioning-level authorization" (page 32)

Domain-level authorization

Each administrator is assigned one or more domains for access and control, which can be overridden by the All domain access in role creation. For instance, the AS 5300 system might consist of three separate domains, Widget.com, Gadget.com, and Sprocket.com. An administrator, WidgetAdmin, can be created with only Widget.com in the list of provisionable domains. This limits WidgetAdmin to provisioning activities inside the Widget.com domain only, and does not permit access to the other domains. Therefore, if a request from WidgetAdmin comes in to modify a user outside of the Widget.com domain, it is rejected because it failed authorization. In addition, attempts to list domain information can only return Widget.com information.

Provisioning-level authorization

The Provisioning Manager of the AS 5300 system is broken into various major categories (Domains, Users, Telephony Routes, and so on). The provisioning system enables the creation of various administrator roles

Nortel AS 5300

Nortel Application Server 5300 Application Programming Interfaces Reference

NN42040-110 01.01 Standard

11 June 2008

Copyright © 2008 Nortel Networks

Image 32

Nortel Networks AS 5300 manual Authorization, Domain-level authorization, Provisioning-level authorization, Navigation

Contents

Nortel Application Server Application Programming Interfaces ReferenceNN42040-110 Nortel ASNortel AS Release Publication NN42040-110 Document status Standard Document release date 11 June Copyright 2008 Nortel NetworksAll Rights Reserved Sourced in Canada LEGAL NOTICE All other trademarks are the property of their respective ownersContents Using the Bulk Provisioning ToolUsing the Open Provisioning Interface New in this releaseAccessing the OPI Java docs Starting the Bulk Provisioning ToolCreating Open Provisioning Interface clients Importing a CA Certificate into the BPTNew in this release Other changesRevision history Nortel AS6 New in this release Nortel ASNN42040-110 01.01 Standard 11 June Copyright 2008 Nortel NetworksUsing the Bulk Provisioning Tool page Using the Open Provisioning Interface pageAccessing the OPI Java docs page Introduction8 Introduction Nortel ASNN42040-110 01.01 Standard 11 June Copyright 2008 Nortel NetworksApplication Programming Interface fundamentals Open Provisioning Interface fundamentalsOpen Provisioning Interface fundamentals page Bulk Provisioning Tool fundamentals pageWhy use the Bulk Provisioning Tool Bulk Provisioning Tool fundamentalsBulk Provisioning Tool requirements 12 Application Programming Interface fundamentals Nortel ASNN42040-110 01.01 Standard 11 June Copyright 2008 Nortel NetworksUsing the Bulk Provisioning Tool Install and launch the BPTInstall and launch the BPT page BPT main menu page BPT main menuBPT main menu 14 Using the Bulk Provisioning ToolAccessing the Domain Operations submenu BPT main menu commands Commandmethod name using * into DescriptionBPT provisioning methods BPT ﬁles and scriptsNavigation FilesCreate and manage provisioning roles using the BPT page Success indication on remove methods page Unknown error messages pageBPT conventions and examples ScriptsgetRole using Role name file file name optional into file name Optional syntaxBrackets Angle bracketsSquare brackets getRole using Role name file file name optional into file namenewguy,mysecret,John,Edwards,Active,,,, ,,,,,Default Admin,,English,Devices only,yourcompany.comComma separated strings Fully qualified user nameUnknown error messages Create and manage provisioning roles using the BPTDefine the new provisioning role Define the new provisioning role pageaddRole using file D\prov\addexample.txt getRole using AddExampleAdd the new provisioning role View the new provisioning roleDelete the new provisioning role getRole method invoked in the BPTBPT Help option help addRoleBPT limitations BPT mapping to the Provisioning ClientBPT mapping to the Provisioning Client page Batch processing page Resource use page Provisioning data visibility pageBulk provisioning of users Batch processingResource use Provisioning data visibility 28 Using the Bulk Provisioning Tool Nortel ASNN42040-110 01.01 Standard 11 June Copyright 2008 Nortel NetworksUsing the Open Provisioning Interface Security, authentication, and authorizationSecurity, authentication, and authorization page Security page Authentication page Authorization pageAuthentication HTTP Basic Authentication - Onboard AuthenticationHTTP Basic Authentication - Onboard Authentication page WS-Security UsernameTokenA special note for .NET authentication headers Sample WS-Security header/SOAP messageAuthorization Domain-level authorizationProvisioning-level authorization Domain-level authorization page Provisioning-level authorization pageImplement interface accessing stubs page Access stubs from the third-party application pageThird-party client development Get the WSDLImplement interface accessing stubs Access stubs from the third-party applicationStarting the Bulk Provisioning Tool Starting the Bulk Provisioning ToolProcedure Steps Downloading the Bulk Provisioning Tool to a workstationLaunching the BPT on a workstation Downloading the Bulk Provisioning Tool to a workstation page2 Enter your administrator username and password The BPT application launchesLaunching the BPT on a workstation Nortel AS38 Starting the Bulk Provisioning Tool Nortel ASNN42040-110 01.01 Standard 11 June Copyright 2008 Nortel NetworksCreating OPI clients Creating Open Provisioning Interface clientsPrerequisites for creating OPI clients Downloading the Axis toolkit page Retrieving the error codes page Configuring the class path page Downloading the WSDL file pageCompiling the client stubs page Writing a client to perform some specific OPI operations pageRetrieving the error codes Downloading the Axis toolkitConﬁguring the class path D\axis-14\webapps\axis\WEB-INF\libDownloading the WSDL ﬁle Compiling the client stubsD\opiclient loadname/wsdl/opit\opi\service Writing a client to perform some speciﬁc OPI operationsProcedure Steps Step ActionExample - Writing a client The client class can be compiled similarly to the compilation of the OPI Stubs, and executed. The OPI Stub classes and AXIS toolkit jars must be present in the classpath during execution, as demonstrated in the following figure 46 Creating Open Provisioning Interface clients Compiling the client classNortel AS NN42040-110 01.01 Standard 11 JuneStep Action Accessing the OPI Java docsProcedure Steps AdminAuthentication subfolder in the OPI Java Docs folder OPIJavadocs file unzippedAccessing the javadocs for the AdminAuthentication OPI web service 50 Accessing the OPI Java docs Nortel ASNN42040-110 01.01 Standard 11 June Copyright 2008 Nortel NetworksImporting a CA Certiﬁcate into the BPT The tool prompts Trust this certificate? nokeytool -list -v -keystore opitruststore Procedure Steps52 Importing a CA Certificate into the BPT Nortel ASNN42040-110 01.01 Standard 11 June Copyright 2008 Nortel NetworksPage Nortel AS