The REMOTE APPLICATION file was introduced as part of the Broker Security Enhancement to secure access via the remote user or visitor approach by GUI applications (formerly known as the CAPRI approach, after the first application to use this access style). Remote visitor access lets applications whose users need to access a large number of sites do so without requiring a separate access code and verify code at each site. Following the Broker Security Enhancement, applications will be able to use remote visitor access only if they have an entry in this file with a one-way hash of a secure phrase. An entry in the file is identified by the application passing in the original phrase, which is then hashed and used for a cross-reference lookup.

The application must have at least one entry in the CALLBACKTYPE sub-file indicating a connection type, a valid address for the authenticating server, and a connection port number. This information is necessary for the remote server to connect directly to the authenticating server to obtain the demographic information necessary to create or match the visitor entry in the NEW PERSON file (#200). The application will also specify the desired context option for the user, and this will be given to the remote visitor instead of the application having to figure out how to set this value.
.01 | name(+) | 0;1 | FREE TEXT | B | This is the NAME of the REMOTE GUI APPLICATION to which the data in this entry pertains.
.02 | contextoption(+) | 0;2 | POINTER | 19 | The name of the context (Client/Server or B-type) option that the application users will need that will be added as a secondary menu item. The user is signed on as a visitor and given the Context Option specified in this field as a secondary menu option. The application still needs to set the Context Option using the CreateContext method, but the visitor has it as a valid option so that it can be used.
.03 | applicationcode(+) | 0;3 | FREE TEXT | ACODE | This is the hashed value for a security phrase for the application and is described below.

Security Phrase

The security phrase is an application's entry into the REMOTE APPLICATION file (#8994.5) for accessing the information necessary to permit the application to enroll a remote user. Create a security phrase (case sensitive) and, in programmer mode, use the following command (assuming the security phrase is "My Special Phrase"):

    W $$EN^XUSHSH("My Special Phrase")

The resulting value:

    "I&f).c`u:7@01#tL((x"

This is the one-way hash value for the security phrase. It is this hashed value that will be entered into the ApplicationCode field (#.03) in the REMOTE APPLICATION file (#8994.5) for the application.

To make a remote connection, the application will have the user sign onto the application's authenticating server (the one entered as CallbackServer) and then obtain a Token for the user (similar to "XWBHDL977-124367_0") using the "XUS SET VISITOR" RPC. The application will then disconnect from the authenticating server and set the new SecurityPhrase property for the TRPCBroker component to the unhashed security phrase concatenated with a caret ("^") and the token for the user (e.g., "My Special Phrase^XWBHDL977-124367_0").

This property will be encoded and passed to the remote server for authentication; the remote server will hash the security phrase and use the resulting value to identify the application's entry in the REMOTE APPLICATION file (#8994.5). The mechanism(s) for contacting the authenticating server will be identified, and the authenticating server will be requested to provide the demographic information necessary to identify the user and create or match an entry in the NEW PERSON file (#200) based on the token provided. With this information the user will be set up as a visitor entry and provided the context option specified. The application will then be notified that the user is connected.

If there is no entry for the application, no match for the token, or the authenticating server cannot be connected, the user will be prompted with a regular sign-on screen (i.e., required to enter their Access and Verify codes).

Since the security phrase is the application's identifier, we recommend that the security phrase in RPCBroker Delphi-based programs be identified as a const value in an include file, and that a substitute include file containing a phrase similar to that used above be included with release of the source code. It must be realized that the security phrase identifies any application that uses it as your application, and it would, of course, be desirable that rogue applications not appear to be your application.
1 | callbacktype | 1;0 | MULTIPLE | 8994.51 | This is a multiple field. It may contain multiple values describing mechanisms by which the remote site can contact the application's authenticating site to obtain the demographic information. It consists of the following subfields: .01 CALLBACKTYPE, .02 CALLBACKPORT, .03 CALLBACKSERVER, .04 URLSTRING.
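
The lookup-and-fallback flow described for the ApplicationCode field, modelled as an added Python example (not code from Kernel or the RPC Broker). SHA-256 stands in for $$EN^XUSHSH, the callback is a local stub, splitting on the last caret and treating an entry with no CALLBACKTYPE as a fallback case are assumptions, and every entry value, name and port is constructed.

```python
import hashlib

def stand_in_hash(phrase):
    # Stand-in for $$EN^XUSHSH so the example runs; NOT the Kernel algorithm.
    return hashlib.sha256(phrase.encode("utf-8")).hexdigest()

# Constructed model of REMOTE APPLICATION (#8994.5), keyed the way the ACODE
# cross-reference is used: hashed phrase -> entry. The cleartext phrase is never stored.
REMOTE_APPLICATION = {
    stand_in_hash("My Special Phrase"): {
        "name": "EXAMPLE GUI APP", "contextoption": "EXAMPLE CONTEXT",
        "callbacktype": [{"type": "EXAMPLE-TYPE", "port": 9999, "server": "auth.example.org"}],
    },
    stand_in_hash("No Callback Phrase"): {
        "name": "INCOMPLETE APP", "contextoption": "EXAMPLE CONTEXT", "callbacktype": [],
    },
}
# Constructed stand-in for the authenticating server's token table.
AUTH_SERVER_TOKENS = {"XWBHDL977-124367_0": {"name": "VISITOR,EXAMPLE"}}
FALLBACK = ("ACCESS_VERIFY_SIGNON", None)

def callback(server, port, token):
    # Hypothetical callback: returns demographics, or None when the server
    # is unreachable or does not recognise the token.
    if server != "auth.example.org":
        return None
    return AUTH_SERVER_TOKENS.get(token)

def remote_visitor_signon(security_phrase_property):
    # Property format from the page: "<unhashed phrase>^<token>".
    phrase, sep, token = security_phrase_property.rpartition("^")
    if not sep or not phrase or not token:
        return FALLBACK
    # Hash the phrase (case sensitive) and look the application up by hash.
    entry = REMOTE_APPLICATION.get(stand_in_hash(phrase))
    if entry is None or not entry["callbacktype"]:
        return FALLBACK
    for cb in entry["callbacktype"]:
        person = callback(cb["server"], cb["port"], token)
        if person:
            # The visitor receives the context option named in the entry.
            return ("VISITOR", {"app": entry["name"], "person": person,
                                "context": entry["contextoption"]})
    return FALLBACK
```

Any caller that presents the correct phrase resolves to the same entry, which is why the page recommends keeping the real phrase out of released source.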

Referenced by 1 types

  1. SIGN-ON LOG (3.081) -- remote app