The Validation Agent for a Web Application User
For web applications, user credentials like passwords can be validated in three different ways.
In the Application Users window in the Authorizer, you can set the Validation Agent for a user to RDBMS, USoft, or External Service:
Here is a description of the three most important validation agents:
*This assumes that password management is an issue for the DBA of the application database, as is the case for USoft client/server applications.
For a web application, this is NOT recommended because of performance and security reasons.
This policy offers simple password management via the Authorizer combined with well-performing password validation.
This external service can be the Web server or a dedicated security server, for example an RSA tokens server.
If required, an RDMI component can be defined to communicate with the external service by adding an application RDMI component. This component must be named "ExternalService" and must support a validateCredentials method. The method will be called for each validation request with six arguments: the Validation Agent specified in the Authorizer ("ExternalService"), the user group, the password stored for the user, the user name, the user specified password, and an optional parameter for additional credentials-related data like an IP number.