Contents

Introduction
Credential Parameters
Using Credentials in Connection Strings

Introduction

Credentials may be used with Data Links and Web Service Providers to store login and related information for external information systems. Each Credential record can store up to 5 credentials. The credential records may be mapped to CATSWeb users or groups of users. A link to manage Credentials is automatically added to the Special Functions section of the Manage page when the External Data Connections or Web Service Data Links optional features are installed.

For example, a SQL Data Link may include a connection string that points to an external ERP system. Connection strings typically include login information, such as a user name and password. Although the connection string could be specified with a fixed user name and password that is shared by all CATSWeb users when connecting to the ERP system, administrators may prefer that each CATSWeb user connect to ERP using their own user name and password. Since a person's ERP user name and password are likely not the same as their CATSWeb name and password, substitutions re needed. The Credentials feature may be used for this purpose, via the technique described below.

Credentials may also be used with Web Service Providers. At runtime, the Web Service Provider receivea a copy of the Session Record from CATSWeb, and may use the information in the session record (Employee ID, Employee Name, Department, etc.) to lookup credentials for the user. These credentials may then be transmitted to the Web Service for authentication and identification purposes.

Credential Parameters

Credentials have the following parameters:

• Credential Type - An arbitrary type that may be used to classify sets of credentials (ex: "ERP Credentials").
  
  
• Credential Key - An alphanumeric reference to a particular credential (100 characters max). If credentials are defined on a per-user basis, this value may be the CATSWeb Employee ID or Employee Name. If could also be the CATSWeb Department, Home Department, Personality, etc. if defined on some other basis.
  
  
• Credential 1-n - Credential values that may be used for any purpose. For example, Credential 1 could be used to store the user name for ERP access, while Credential 2 could be used to store the password.
  

Using Credentials in Connection Strings

Credentials may be substituted into connection strings using bracketed expressions in this format:

• [CR|CredentialType|CredentialKey|CredentialField|CredentialKeyIfNotFound (optional)]

The bracketed expression is actually a special fill specification that performs credential lookups. The fill specification is comprised of several values delimited by single pipe ("|") characters. The values are used as follows:

• CR - These two characters must appear literally as the first value, and designates the type of the fill specification ("CR" = CWEB_SRCTYPE_CREDENTIAL$ = Credential Reference).
• CredentialType - This value specifies the Credential Type field value of the Credential record to look up and use (ex: "ERP Credentials").
• CredentialKey - This value specifies the Credential Key field value of the Credential record to look up and use. It may be specified as a literal value (ex: "John Smith"), or may use a token (variable) so as to substitute a value from the user's session record (ex: "{My Name}", "{My Home Department}", etc.).
• CredentialField - The name of the field in the Credential record that contains the value being looked up. One of the following literal field names: "Credential1", "Credential2", "Credential3", "Credential4" or "Credential5".
• CredentialKeyIfNotFound - This value is optional and provides a means of specifying a secondary Credential Key field value that will be used to perform the lookup only if the main lookup using CredentialKey fails.
  
  For example, suppose there are 1000 users in the CATSWeb system, and the system administrator only wants 15 of them to connect to ERP using user-specific credentials. The remaining 985 users are to connect to ERP using a shared account. The administrator can enter a Credential record for the shared ERP account with "Shared Account" specified in the record's Credential Key field. 15 additional Credential records are entered with the CATSWeb Employee Employee Name of the person in the Credential Key field of their record. This expression can then be used in a connection string:
  
  
  • [CR|ERP Credentials|{My Name}|Credential1|Shared Account]