So we are using default DevTest ACL, and as a precaution, we want to prevent users from using same ID on multiple workstation instance. We believe currently ACL doesnt work that way, once a user is provided access, he or multiple people can use same credentials from multiple instances. We are looking a way to avoid such situation, ideal solution would be once a user login to one workstation, when tried from another workstation, he/she gets error.
Hi Ch3tn, as you probably know already DevTest's ACL is role-based, and our licensing model is generally based on number of concurrent users rather than a 'named user' approach.
You are correct. Once a user ID is provisioned access, DevTest does not perform actions that 'bind' a given user ID to a Workstation IP address. The audit logs provide some reporting about the actions performed by the User ID and logins are seen in the Enterprise Dashboard -- if that helps any.
Would connecting DevTest to your AD or LDAP datasource address part of your problem? DevTest can enable AD/LDAP authentication. DevTest continues to provide authorization. This technique does not bind a User ID / login to a Workstation OOTB. It does however, provide some control since users should not be sharing their User credentials with each other.
Can you explain more as to why binding a given User to a given Workstation is important vs. provisioning each User with their own unique login credentials?
I have not attempted this... You might write your own java class that implements the com.ca.dts.security.authentication.AuthenticationProviderFactory interface and then use the authentication-providers.xml in LISA_HOME to implement a custom authentication provider. You should check the Admin Guide for information about usage of the _authentication-providers.xml and _ldap-mappings.xml files. You may find that there are unwanted side effects of doing this.