The Validation Agent for a Web Application User

For web applications, user credentials like passwords can be validated in three different ways.

In the Application Users window in the Authorizer, you can set the Validation Agent for a user to RDBMS, USoft, or External Service:

Here is a description of the three most important validation agents:

1.	If the Validation Agent for a user is set to RDBMS, all authentication requests are forwarded to the RDBMS, which stores and validates all passwords.

*This assumes that password management is an issue for the DBA of the application database, as is the case for USoft client/server applications.

IMPORTANT:

For a web application, this is NOT recommended because of performance and security reasons.

2.	If the Validation Agent for a user is set to USoft, USoft stores and validates the password for this user.

This policy offers simple password management via the Authorizer combined with well-performing password validation.

3.	If the Validation Agent is set to External Service, an external service validates passwords.

This external service can be the Web server or a dedicated security server, for example an RSA tokens server.

If required, an RDMI component can be defined to communicate with the external service by adding an application RDMI component. This component must be named "ExternalService" and must support a validateCredentials method. The method will be called for each validation request with six arguments: the Validation Agent specified in the Authorizer ("ExternalService"), the user group, the password stored for the user, the user name, the user specified password, and an optional parameter for additional credentials-related data like an IP number.