SAP Sybase Event Stream Processor is designed to integrate with your
existing authentication framework whether you are using Kerberos, RSA, LDAP, SAP BI, or your
operating system’s native credential management system.
The type of server authentication you use is selected at install time, but
you can configure the server to use a different authentication type if necessary.
When a user connects to a cluster on the
ESP server, his or her credentials are
verified with the active security provider. If authentication succeeds, the server
considers the user a valid client, and login is completed. The user receives a session ID
and, in subsequent communication, the client uses the session ID to verify itself.
Options
for server authentication include:
- Kerberos - ticket-based authentication
- RSA - requires a key alias, a keystore containing a private key, and the password of
the keystore
- Username/password, implemented using one of the following:
- LDAP credentials
- SAP BI credentials
- Native operating system credentials
(native
OS)
- Preconfigured
username/password
(in csi_local.xml)
Note:
Do not confuse server authentication–enforced when users connect to
remote clusters–with authentication on the local cluster–enforced when using the
Run Project option within Studio. Server
authentication is enforced across your network and is designed for use in a production
environment. Local cluster authentication is enforced only on a user's local machine
and, like the local cluster itself, is intended for a test environment. Authentication
on the local cluster is limited to username/password authentication and is based on the
fixed username
studio. Users can enter any
password for this username to maintain a secure connection with the local cluster for
the duration of the Studio session. The password is maintained in memory and is not
written to a disk. When the Studio session is terminated, the password is discarded from
memory. When connecting to the local cluster in a subsequent Studio session, users are
once again required to provide a password for the fixed username
studio. This password does not have to be the same
password set during the previous Studio session.
Authentication on the local cluster is provided automatically; there is
no additional configuration required.
For
details on the local cluster password,
see
the Studio Users Guide.