Connector for dg hyparchive - New data source

Give the new connection a Name here, and then a Description underneath. Afterwards, the URLs of the hyparchive dg connect web services are entered. The web service URLs are obtained from your hyparchive server installation. Normally these are created from the host name of the hyparchive server, the port and the name of the web service.

Examples:

https://serverhostname:8001/HypService
https://serverhostname:9001/HypRegService
https://serverhostname:10001/HypServiceStream

Access to the dg hyparchive web service normally ensues via SSL. Each URL must therefore begin with https://. In addition, the SSL certificate of the hyparchive server needs to be imported into the Intrexx License Manager. There is also the option to activate the services without a certificate, this is done by deactivating the SSL certificate check.

Authentication

The authentication methods, which the portal user will use to access hyparchive, are defined in the area Authentication.

You can choose between two options here: Simple for Username/Password authentication and Kerberos for Integrated Windows Authentication (Single Sign-On).

A Windows username and their password must be entered here for both authentication methods. This user is needed for the web service authentication when accessing from the Intrexx Portal Manager (e.g. to read the stamp definitions in hyparchive). If this user is also a registered hyparchive user, then this user will also be used for accessing the metadata and therefore needs to have the appropriate access permissions. If an internal (i.e. within hyparchive) or varying Windows user is used for the Portal Manager, this can be entered in the last section of the dialog.

Integrated Windows Authentication

The authentication method Kerberos allows you to apply a Single Sign-On Authentication within Windows domains. The following conditions must however be fulfilled:
  1. The Intrexx Portal Server must be run with the Microsoft Internet Information Server and be a member of a Windows domain.
  2. The Intrexx Portal Server must be configured for Integrated Windows Authentication and the user must be imported from the active directory.
  3. A Service Principal Name must be defined for the hyparchive dg connect WCF Server.
  4. Single Sign-On Authentication must be active for the dg connect WCF Server. Further information can be found in the dg connect WCF documentation.
  5. There must be a corresponding Windows account user for every Intrexx user, who should access hyparchive.
  6. The Integrated Windows Authentication should be activated for the client browser.
If the conditions named above are fulfilled, then the Single Sign-On can be activated in the dialog General in the hyparchive configuration.

Under Authentication choose the method Kerberos. In addition, a hyparchive Username/Password will be needed to access the metadata. In the field Service Principal Name (SPN) enter the SPN of the hyparchive dg connect server. This is usually compiled in the following way:

http/<hyparchive DNS Name>

Whereby <hyparchive DNS Name> should be replaced with the fully qualified DNS host name of the hyparchive web service Server. The host name must be identical to the host name that was entered for the URL.

After the configuration is saved, the integrated authentication will be automatically activated. When correctly configured, Intrexx portal users will automatically be logged in when accessing hyparchive files.

Should problems occur while setting up Single Sign-On, you can find additional instructions to help analyze problems with the Kerberos authentication here.