
Example Three: Delegated Authentication

In this example you configure and test delegated authentication for Terminal. The example involves the following code files that you must install into Caché:

  • CreateDelegatedUser.cls — A Zen page for creating users. It stores a username and password in a global named MYUSERS. The class definition is included in Zen_Authenticate.xml, which contains Zen code for other examples in this tutorial.

  • ZAUTHENTICATE.mac — A delegated authentication routine that checks the MYUSERS global for the user name and password that the user enters when attempting to access Caché. This routine is stored in ZAuth.xml.

Here is the ZAUTHENTICATE routine:

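ZAUTHENTICATE(ServiceName,Username,Password,Properties) PUBLIC {
 #include %occErrors
 // Route any runtime error to the Error label below
 set $ZTrap="Error"
 set Name=$ZConvert(Username,"U")
 // This assignment starts again from Username, so the uppercase value above is
 // discarded; the lookup uses the name as entered, minus anything after "@"
 set Name=$piece(Username,"@",1)
 set UserRecord=$get(^MYUSERS(Name))
 if (UserRecord="")
 {
   quit $SYSTEM.Status.Error($$$UserDoesNotExist,Username)
 }
 // Compare the SHA-1 hash of the entered password with the stored hash
 if ($SYSTEM.Encryption.SHA1Hash(Password)'= $List(UserRecord,1))
 {
   quit $SYSTEM.Status.Error($$$UserInvalidPassword)
 }
 // Values handed back to Caché for the authenticated user
 set Properties("FullName")=$piece(UserRecord,",",2)
 set Properties("Comment")=""
 set Properties("Roles")="%All"
 set Properties("NameSpace")=""
 set Properties("Routine")=""
 set Properties("Password")=Password
 set Properties("Username")=Name
 quit $SYSTEM.Status.OK()
Error
 // Clear the trap and report the runtime error as a status value
 set $ZTrap=""
 quit $SYSTEM.Status.Error(5002 /*$$$CacheError*/,$ZError)
}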
        

The code does the following:

  • Searches MYUSERS for the user name entered by the user.

  • If MYUSERS contains the entered user name, it retrieves the user's information and continues. If not, the routine quits with an error.

  • It hashes the password entered by the user with SHA-1 and compares the result with the password value stored in MYUSERS. Note that the password is hashed before being stored. If the values match, then the routine continues. If not, the routine quits with an error.

  • For valid users, it stores user information, including the roles to grant (here %All), into the Properties array. Caché retrieves the information from the array. You can view it in the Management Portal.
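An added variant of the routine above, not part of the tutorial's files: it verifies a per-user salted PBKDF2 hash instead of an unsalted SHA-1 hash, and reads each user's roles from the stored record rather than granting %All to everyone. The record layout, the MakeRecord helper and the iteration count are assumptions; CreateDelegatedUser.cls would have to write records in this layout for the routine to work.

```objectscript
ZAUTHENTICATE(ServiceName,Username,Password,Properties) PUBLIC {
 #include %occErrors
 set $ZTrap="Error"
 set Name=$piece(Username,"@",1)
 set rec=$get(^MYUSERS(Name))
 if (rec="")
 {
   quit $SYSTEM.Status.Error($$$UserDoesNotExist,Username)
 }
 // Assumed record layout: $ListBuild(hash,salt,iterations,fullName,roles)
 // Reject records that are not a well-formed list of at least 5 elements
 if (('$ListValid(rec))||($ListLength(rec)<5))
 {
   quit $SYSTEM.Status.Error($$$UserInvalidPassword)
 }
 set stored=$List(rec,1),salt=$List(rec,2),iter=$List(rec,3)
 // Re-derive the key from the entered password with this user's salt and
 // work factor, then compare it with the stored value
 set derived=$SYSTEM.Encryption.PBKDF2(Password,iter,salt,$Length(stored))
 if (derived'=stored)
 {
   quit $SYSTEM.Status.Error($$$UserInvalidPassword)
 }
 set Properties("FullName")=$List(rec,4)
 set Properties("Comment")=""
 // Roles come from the user's own record (comma-separated role names)
 set Properties("Roles")=$List(rec,5)
 set Properties("NameSpace")=""
 set Properties("Routine")=""
 set Properties("Password")=Password
 set Properties("Username")=Name
 quit $SYSTEM.Status.OK()
Error
 set $ZTrap=""
 quit $SYSTEM.Status.Error(5002 /*$$$CacheError*/,$ZError)
}
 // Hypothetical helper: builds the record the user-creation page would store,
 // for example: set ^MYUSERS(Name)=$$MakeRecord^ZAUTHENTICATE(pwd,full,roles)
MakeRecord(Password,FullName,Roles) PUBLIC {
 set salt=$SYSTEM.Encryption.GenCryptRand(16)   // random 16-byte salt per user
 set iter=100000                                // assumed work factor, kept in the record
 set hash=$SYSTEM.Encryption.PBKDF2(Password,iter,salt,32)
 quit $ListBuild(hash,salt,iter,FullName,Roles)
}
```

Because the salt and iteration count are stored with each record, the work factor can be raised for new or changed passwords without invalidating existing ones.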

Note:

Both Zen_Authenticate.xml and ZAuth.xml are in install-dir\Dev\tutorials\security.