Different security providers give Unwired Server security features that include authentication, attribution, and authorization capabilities that are not inherent to the server itself. In most cases, you should use Sybase Control Center to configure your providers.
You can configure security providers for Unwired Server by logging into the sever in Sybase Control Center and clicking . Configuring these providers writes changes to the configuration properties file for Unwired Server.
Unwired Platform supports the following provider types: LDAP, Remedy, Siebel, Domino, and Native OS (NT Proxy). In Unwired Server, different providers offer various services and are implemented as discreet modules that customize the behavior of the provider you implement.
If any of these provider are a third party provider, then you must save related jars or DLLs in the Unwired Server <UnwiredPlatform/servers/UnwiredServer/lib folder.
- Authentication modules – Verify the identity of a user accessing a network with the mobile application, typically via a login form or some other login or validation mechanism. Authentication in Unwired Server is always distinct from authorization. You must have at least one authentication module configured in a production deployment of Unwired Server. You can stack multiple providers so user are authenticated in a particular sequence.
- Authorization modules – Check the access privileges for an authenticated identity. Sybase recommends that you have at least one authorization module configured in a production deployment of Unwired Server.
- Attribution modules – When a user is authenticated, the attribution provider add more information about the authenticated user. Attribution modules are optional; however, if the user is providing registration information this module is recommended.
- Auditing modules – Report all audit events to allow you to evaluate the security system implementation for Unwired Server. Auditing allows you to have a record of all the security decisions that have been made. Each successful Authentication creates a session key that shows up in subsequent security checks for that user. Unsuccessful authentications are also logged. Each authorization records what roles were checked, or what resource was accessed. Audit filters determine what events get recorded, and the Audit format determines what the audit records look like. The Audit destination determines where the audit records go.
You use the audit trail to identify who did what and when with respect to objects secured by your providers.
Auditing modules are optional.
- Role mapping modules – Check to see if an identity has been assigned to a role.
Note: Role mapping modules are optional; however, if you do not configure a provider, you cannot manage roles in Sybase Control Center for Unwired Server. Roles are then completely disabled by default and developers will be required to change the mobile applications created in Unwired WorkSpace.
In most cases, the separation of services require each security module to require a unique set configuration properties. However, there are some cases when modules require a common set of properties, and these properties are configured once for each on a discrete tab created for that purpose.
Note: Sybase strongly recommends that you use a common authentication provider for
Afaria, Unwired Server, and Sybase Control Center. Otherwise, user names and password used to authenticate users from mobile clients and Unwired Server administration and Afaria may not work seamlessly. Afaria and Unwired Server can share LDAP and NativeOS security; however, only LDAP can be used by all three components. Configuration details between the components must match; otherwise, single sign-on does not work.
Each component implements security mechanisms differently.
- For Unwired Server, use Sybase Control Center to configure the provider by clicking then configuring the information in the Authentication tab.
- For Sybase Control Center, edit the
<UAF-install-dir>\conf\csi.properties file.
- For Afaria, enable authentication and select the appropriate naming attribute. Depending on your system configuration, you might also need to run
<UnwiredPlatform_InstallDir>\Servers\Afaria\bin\XSDirectorySetupWizard.exe to manually set up Afaria and Unwired Server to share the same repository.