Abstract

This article discusses the Principal Authentication Mode available in DFC.

Description

The Principal mode is used to authenticate by specifying just the username. The session is then obtained by the session manager from an implementation of com.documentum.fc.client.IDfPrincipalSupport interface by means of the username. This implementation is responsible for authenticating the specified identity using an external mechanism and creating the session.

Principal name is set using IDfSessionManager#setPrincipalName(...) instead of the IDfSessionManager#setIdentity(repoName,IDfLoginInfo) method. Notice that the principal name does not specify a repository unlike the setIdentity(...) method. Thus, the same name is used across all repositories and therefore the same username should exist across all repositories.

A developer can provide a custom implementation of IDfPrincipalSupport. An implementation is registered using the call IDfClient#setPrincipalSupport(...). A default implementation is provided by DFC that creates session by creating login tickets for users. For this functionality to work an identity that has permissions to create tickets for other users must be provided.

IDfLoginInfo superUserLi = ... IDfClient lc = .. lc.setPrincipalSupport(new DfDefaultPrincipalSupport(superUserLi));

Code Snippet

Principal Authentication