Replacing Existing Sybase Control Center Login Modules with Delegate Login Module

If you have manually configured a login provider to work with Unwired Server for authentication, Sybase strongly recommends that you update csi.properties and roles-map.xml to use the newly added Delegate Login module. The Runtime upgrade script automatically replaces the PreConfigured User Login Module entries when found in their respective files.

Adding the Delegate Login module simplifies the maintenance of your Sybase Control Center authentication providers, because this module delegates authentication and authorization of Sybase Control Center users to the "Admin" security configuration on the local (same) node. For details, see Making "Admin" Security Configuration Production-Ready and Configuration Files in the Security guide.

  1. Open <SCC_HOME>\conf\csi.properties and add the Delegate Login module to it.
    A completed file looks similar to this example. The Delegate Login module entries are the CSI.loginModule.2 lines at the end of the file.
    
    ## This file defines the default CSI configuration
    
    ###########################################
    ## login modules ##
    ###########################################
    ## Anonymous Login Module
    CSI.loginModule.1.provider=com.sybase.ua.services.security.anonymous.AnonymousLoginModule
    CSI.loginModule.1.controlFlag=sufficient
    CSI.loginModule.1.options.moduleName=Anonymous Login Module
    CSI.loginModule.1.options.roles=uaAnonymous
    
    ###########################################
    ## authorizers ##
    ###########################################
    ## XML Authorizer
    CSI.authorizer.1.provider=com.sybase.ua.services.security.xml.XMLAuthorizer
    
    ###########################################
    ## attributers ##
    ###########################################
    ## XML Attributer
    CSI.attributer.1.provider=com.sybase.ua.services.security.xml.XMLAttributer
    
    ## SUP PreConfiguredUser and Delegation Login Modules
    CSI.loginModule.2.provider=com.sybase.ua.services.security.sup.SUPDelegateLoginModule
    CSI.loginModule.2.controlFlag=sufficient
    CSI.loginModule.2.options.moduleName=SUP Delegation Login Module
  2. Open <SCC_HOME>\conf\roles-map.xml, then insert the SUP Delegation Login Module entries to use only the Delegation Login Module.
    In this example, the module is the first <module> element under <security-modules>:
    <?xml version="1.0" encoding="UTF-8"?>
    <roles-map>
     <uaf-roles>
       <role name="uaAgentAdmin" description="Agent administrator role" />
       <role name="uaPluginAdmin" description="Plugin administrator role" />
       <role name="uaOSAdmin" description="Operation system administrator role" />
       <role name="uaASEAdmin" description="ASE administrator role" />
       <role name="uaUser" description="User role" />
       <role name="uaGuest" description="Guest role" />
       <role name="uaAnonymous" description="Anonymous role" />
       <role name="sccAdminRole" description="SCC Administrator Role" />
       <role name="sccOperRole" description="SCC Operator Role" />
       <role name="sccUserRole" description="SCC User Role" />
       <role name="sccGuestRole" description="SCC Guest Role" />
       <role name="jmxDirectAccess" description="JMX Direct Access Role" />    
     </uaf-roles>
     <security-modules>
    
       <module name="SUP Delegation Login Module">
         <role-mapping modRole="SUP Administrator" uafRole="uaAnonymous,uaAgentAdmin,uaPluginAdmin,sccAdminRole,sccUserRole,sccOperRole,sccGuestRole,jmxDirectAccess"/>
         <role-mapping modRole="SUP Domain Administrator" uafRole="uaAnonymous,uaAgentAdmin,uaPluginAdmin,sccUserRole,sccOperRole,sccGuestRole,jmxDirectAccess"/>
       </module>
       <module name="Anonymous Login Module">
         <role-mapping modRole="uaAnonymous" uafRole="uaAnonymous" />
       </module>
     </security-modules>
    </roles-map>
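
A consistency check for the two files edited in steps 1 and 2, added here as an illustration; it is not part of the Sybase documentation or product. It assumes that each options.moduleName in csi.properties is expected to match a <module> name in roles-map.xml, as the example files suggest; login_modules, check, CSI and ROLES are hypothetical names, and the sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

def login_modules(csi_text):
    """Return {index: {key: value}} for CSI.loginModule.N.* lines."""
    mods = {}
    for line in csi_text.splitlines():
        m = re.match(r"\s*CSI\.loginModule\.(\d+)\.([\w.]+)\s*=\s*(.*)", line)
        if m:  # comment lines start with '#', so they never match
            mods.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3).strip()
    return mods

def check(csi_text, roles_xml):
    """List inconsistencies between csi.properties and roles-map.xml."""
    problems = []
    mods = login_modules(csi_text)
    root = ET.fromstring(roles_xml)
    declared = {r.get("name") for r in root.iter("role")}
    mapped = {m.get("name"): m for m in root.iter("module")}
    for idx, opts in sorted(mods.items()):
        name = opts.get("options.moduleName")
        if "provider" not in opts:
            problems.append(f"loginModule.{idx}: no provider")
        if name not in mapped:  # assumed requirement: names match across files
            problems.append(f"loginModule.{idx}: {name!r} not in roles-map.xml")
    configured = {o.get("options.moduleName") for o in mods.values()}
    for name, mod in mapped.items():
        if name not in configured:  # e.g. a module left behind after the switch
            problems.append(f"roles-map.xml: {name!r} not in csi.properties")
        for rm in mod.iter("role-mapping"):
            for role in rm.get("uafRole", "").split(","):
                if role.strip() not in declared:
                    problems.append(f"{name}: uafRole {role.strip()!r} undeclared")
    return problems

# Constructed sample inputs, shortened from the two files shown above.
CSI = """\
CSI.loginModule.1.provider=com.sybase.ua.services.security.anonymous.AnonymousLoginModule
CSI.loginModule.1.options.moduleName=Anonymous Login Module
CSI.loginModule.2.provider=com.sybase.ua.services.security.sup.SUPDelegateLoginModule
CSI.loginModule.2.options.moduleName=SUP Delegation Login Module
"""
ROLES = """<roles-map><uaf-roles><role name="uaAnonymous"/><role name="sccAdminRole"/></uaf-roles>
<security-modules><module name="SUP Delegation Login Module">
<role-mapping modRole="SUP Administrator" uafRole="uaAnonymous,sccAdminRole"/></module>
<module name="Anonymous Login Module"><role-mapping modRole="uaAnonymous" uafRole="uaAnonymous"/></module>
</security-modules></roles-map>"""

if __name__ == "__main__":
    print("\n".join(check(CSI, ROLES)) or "consistent")
```

To run it against a real installation, pass the text of <SCC_HOME>\conf\csi.properties and <SCC_HOME>\conf\roles-map.xml to check() in place of the samples.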