Server authentication

To prevent unauthorized service management of the Service Virtualization Server, you can limit access to the server through user authentication.

Service Virtualization user groups

During installation of the Service Virtualization Server, built-in user groups are created on the server. These groups grant various levels of access to a Service Virtualization Server, or its resources, such as virtual services and agents, as follows:

User Group Permissions
SV Operators

View virtual services deployed on the Service Virtualization Server.

Note: SV Operators can view only partial agent configuration information.

SV Publishers

SV Publishers have the same viewing permissions as SV Operators. In addition, they can create, configure, and use virtual services, and have full access to services they own. This includes:

  • Switching service simulation modes
  • Unlocking services
  • Deploying services (deploy, undeploy, update)

Note: SV Publishers can view only partial agent configuration information.

SV Runtime Administrators

View, create, configure, and delete agent configurations on the Service Virtualization Server.

Note: Runtime Administrators do not have permissions for viewing or managing services.

SV Server Administrators
  • Full access to Server resources
  • Modify Server access permissions

Example: Managing access permissions:

You can also manage group membership using the Service Virtualization Management interface.

In addition, you can manage access permissions to individual resources on the Service Virtualization Server, such as virtual services.

For details on Service Virtualization Management, see Service Virtualization Management.

SVM Users

Log in to Service Virtualization Management.

For details, see Get Started with Service Virtualization Management.

Guidelines

  • You can modify permissions for specific users by adding them to, or removing them from, these groups.

    Note: If a user is part of multiple groups, that user has all permissions associated with any of the groups. For example, if Group A has Read permissions and Group B has Write permissions, a user who is a member of both Group A and Group B has both Read and Write permissions.

    However, permissions assigned individually to a user override whatever permissions are given by the user's groups. For example, if a user is added to a permissions list and given only Read permissions, that user does not have Write permissions even if he is in a group whose members have Write permissions.

    When you create or combine groups, make sure to keep track of the permissions granted to each group, as well as each member's individual permissions.

  • A user who is not assigned to any of the groups cannot view any agent data or any services deployed on the server.

  • Service Virtualization enforces access permissions only when server authentication is enabled.

  • The groups are created regardless of whether the Server authentication option is selected during the Server installation. This enables you to reconfigure at a later stage. For details on changing authentication options, see Changing server security settings.

  • Uninstalling or reinstalling Service Virtualization does not affect these groups. Your changes to group membership are maintained between installations.

  • Every authenticated Windows user has access to /ping and /info resources. This does not depend on Service Virtualization authentication.

Back to top

Server access permissions

You can view access permissions to a Service Virtualization Server and its resources using the Service Virtualization Management interface.

If you are a member of the SV Server Administrators group, or the creator of a resource, you can also add and configure permissions for additional users and groups.

Note: You cannot delete the built-in Service Virtualization user groups from the server or from a server resource, or modify the permissions.

For more details on Service Virtualization Management, see Service Virtualization Management.

Back to top

Authentication Provider configuration

This section describes how to configure basic authentication.

By default, Service Virtualization Server and Service Virtualization Management use basic authentication, accessing user data stored in the following locations:

  • Windows. Windows system accounts (Windows Active Directory)

  • Linux. File specifying users and Access Control Lists (ACL)

To define basic authentication:

  1. In an editor, open the Service Virtualization Server configuration file ([INSTALLLOCATION]\Server\bin\HP.SV.StandaloneServer.exe.config) file.

  2. Define the membershipProviderConfiguration element:

    Note: The following table provides details for both basic and LDAP authentication (marked accordingly).

    Attribute Description
    membershipProvider

    Type of authentication.

    Supported values:

    • Basic authentication: Windows, UsersFile

    • LDAP authentication: Ldap

    Note: If you specify Ldap, you must configure the ldapMembershipProviderConfiguration element, as described in Server authentication. This enables you to use LDAP authentication instead of basic authentication.

    loginUsernameTitle

    The label of the user name field in the Service Virtualization Management login page, for example:

    • Basic authentication: Windows user name

    • LDAP authentication: <Company> email address

    By providing a hint in the label, users are more likely to enter the correct credentials. This is especially useful in companies where users use different credentials to log on to various corporate applications.

    cachedLogonTokenLifetime

    Time after which changes, such as user or password cache deactivation, take effect.

    Format: hh:mm:ss

    When a user logs on successfully, the user data is cached to reduce communication with the authentication server (LDAP, Windows Active Directory).

Example for basic authentication in Windows:

<membershipProviderConfiguration 
	membershipProvider="Windows"
	loginUsernameTitle="Windows user name"	
	cachedLogonTokenLifetime="00:01:00"/>

Back to top

See also: