Configure Hyperion Membership Provider : FormWork Support Center

Hyperion Membership Provider is an authentication provider that allow to validate users (username + password) on Shared Service, as an alternative to the built-in validation provided by default on Asp.net.

At every login, the provider try to authenticate the user in Shared Server. On failure, it queries the local user database, so to allow a mixed authentication (Hyperion users + local users) and to preserve the functionality of the built-in provider.

While importing each user information such as username, first name, last name, email etc etc the provider does not store passwords in the local tables, which are therefore exclusively in Shared Service.

The provider has two applications: a JSP page that exposes a REST API that is queried by a DotNetNuke module to be installed at the FormWork portal (found in the annexes) and a schedulable task to synchronize periodically remote users with the local ones.

Operating Notes

The provider can import users from Shared Service in the local metadata database. The imported users are contained in the Hyperion groups from which you choose to start with the import (see later in this document).

Please note the following points

In case of same names with local users or local roles, Shared Service values will be used.
Every Hyperion group is mapped as a Role.
The deletion feature affects only users whose Display Name contains '(Hyperion)' or whose Role description begins with 'Hyperion'.
Membership in a newly created Role in FormWork depends on the user's membership to a Hyperion Shared Services group.
Shared Services groups can be in hierarchy. During import phase the hierarchy is flattened, on a single level, united by the Role Group 'Hyperion'
Users belonging to a more than zero level will also belong to the corresponding roles that the system creates for the child groups.

Installation

JSP Page

The JSP Page, whose content you can see at the end of this article, is saved on the web applications root folder in the server that hosts the workspace.

If your Hyperion version is less than Oracle 11.1.2.1, the webapp is run by Tomcat and the root folder is like {Hyperion root}\deployments\Tomcat5\Workspace\webapps\workspace

If you have a newer version of Hyperion, the webapp is run by a Web Logic server, you can find installation info in this guide.

DotNetNuke Module

The provider will install as a DotNetNuke extension:

Log in FormWork portal as SuperUser (host)
Surf to Host --> Extensions
Click "Install Extension Wizard" bottom page
Select the zip file containing the provider (present in {web_site_root}/DesktopModules/HyperionMembershipProvider/HyperionAuthenticationProvider_distr.zip)
Click Next
Accept the Licence Agreement
Click Return

Configuration

Log in FormWork portal as SuperUser (host)
Surf to Admin --> Portam Management --> Extensions
The installed provider is in the extensions group 'Authentication System'. Click the blue pen to the left of the provider Hyperion
Fill in the required fields according to the following specifications:

JspLocation: it indicates the complete JSP URL (please check the URL using the button 'Test connection')
Username: the username that interrogates the Shared Services repository
Password: the user password
GroupList: a list of groups Hyperion separated by semicolon (ex: 'Administrators; Sales; CC') you want to dump.

Save the configuration ('Update Authentication Settings')

The gui shows the read-only properties:

Active: it indicates wether the provider is the authentication method actually used
IsScheduled: it indicates if there is an operation to schedule the syncronization

First Use

Complete the Configuration step
Make sure you can connect properly to the JSP through the button 'Test connection'
Import users and groups through the button 'Import Hyperion users'
Check that the import was successful and that the result is what you expect
Activate the provider through the manual edit of the web.config as follows:

Under configuration / system.web change the node membership by changing the attribute defaultProvider in "HyperionMembershipProvider" and inserting in the child node providers the following two nodes:

<add name="HyperionMembershipProvider"

type="HyperionMembershipProvider.HyperionMembershipProvider, HyperionMembershipProvider"

connectionStringName="SiteSqlServer"

applicationName="DotNetNuke"

description="Stores and retrieves membership data from Hyperion Shared Services and local SQL Server database"/>

Test a log in using an imported user.

Scheduling

Once the provider is installed, you can schedule the Hyperion user and groups synchronization using the portal scheduler and the available task.

In order to schedule the sync (Drop & Create of users and roles) you need to create a new schedule task as follows:

Log in as SuperUser
Surf Host --> Schedule
Click 'Add item to schedule'
Fill the form.

The field 'Full Class Name and Assembly' must be ‘HyperionMembershipProvider.HyperionSchedulableSyncronization, HyperionMembershipProvider’

Uninstall

Log in as SuperUser
Ensure that the provider is not the default authentication provider (not set as Active) restoring the original web.config.
Delete any scheduled tasks for the automatic import.
Surf Host --> Extensions
Click the red cross near the provider
Tick ‘Delete files’
Click Next to uninstall
Click Return to end the uninstall

Appendix ( web.config before and after the activation of the provider)

Before:

[...]

<system.web>

</providers>

</membership>

</system.web>

[...]

</configuration>

After:

[...]

<system.web>

<add name="HyperionMembershipProvider"

type="HyperionMembershipProvider.HyperionMembershipProvider, HyperionMembershipProvider"

connectionStringName="SiteSqlServer"

applicationName="DotNetNuke"

description="Stores and retrieves membership data from Hyperion Shared Services and local SQL Server database" />

</providers>

</membership>

</system.web>

[...]

</configuration>

JSP

HyperionMemb...
( 10.4 KB )

Configure Hyperion Membership Provider Print

Scheduling

Related Articles