The login data of an AE user contains information about the client, user nameName of the Automation Engine user., departmentDepartment name to which the Automation Engine user belongs. and passwordA secret combination of characters for a Automation Engine user.. During the authentication process AE compares the login information that is entered with the stored user data. Depending on the result of this comparison, access is either granted or denied.
Also, the Automation Engine provides a password exit which can be used to verify or - where necessary - reject attempts to log on to the AE system via a custom-developed program library. The password exit is called for any type of AE user logon (UserInterface, CallAPI).
When using the password exit for verifying user authentication, the AE-specific authentication information (users with the appropriate rights and privileges) must be available in the AE system.
It is necessary to implement a program library which contains the following C functions:
Description |
Data type of return code |
C function |
---|---|---|
Is called in all work processes (WP) when the Server starts. The password exit is not active if this function ends on a return code unequal zero. No more calls are made. |
long |
XUC4PASS_Open(AE system, parameter, callback function) Data type of AE system: char* Use the callback function to print text outputs in the Automation Engine's log file. Define the callback function as shown below: typedef void (WINAPI *UC4_LOGTEXT)(char *pText); |
It is called in all work processes (WP) when the Server has ended provided the exit could successfully be opened. |
long |
XUC4PASS_Close() |
Is called in the current primary work process (PWP) with each AE login. This function must return a return code of the following table. |
long |
XUC4PASS_Execute(client, user name, department, password, language, computer name, login type, length of output area, output area) Data type of client: int The output area is any text which is output in the message box after successful logon. Only login via UserInterface or WebInterface has the effect that this text is displayed. It can be read with the ApplicationInterface. Note that the text must not exceed the length of the output area. The function XUC4PASS_Execute is synchronously called with each login. A long processing time in this function blocks the PWP for other tasks. |
Return codes of the function XUC4PASS_Execute:
Value |
Constant |
Description |
---|---|---|
0 |
XUC4PASS_EXECUTE_EXIT_OK |
User was successfully authenticated. The password will be saved afterwards as user password in the databaseA database is an organized collection of data including relevant data structures.. |
1 |
XUC4PASS_EXECUTE_EXIT_DENIED |
User was not successfully authenticated (e.g. wrong password was used). |
2 |
XUC4PASS_EXECUTE_EXIT_DENIED_LOCK |
User is blocked. |
3 |
XUC4PASS_EXECUTE_EXIT_INACTIVE |
The password exit has not checked the user. |
4 | PEXIT_RETCODE_AUTHENT_NO_PASSWORD | The password is valid, but will not be saved in the database after authentication. |
A sample implementation is available in the delivery directory SystemExit\xuc4pass. It includes makefiles that can be adjusted according to the application development.
The password exit has a higher priority than the LDAP connection if both are activated. If the states "authenticated" or "access denied" are returned, the LDAP connection is not called at all. It is only called if the password exit is inactive or has been deactivated.
Automic strongly recommends copying the generated library to the Server installation directory.
Information about the Password Exit is available in the System Overview.
See also:
variable UC_SYSTEM_SETTINGS
Encoding Passwords