- 335 Views
- 0 Comments
IBM CMOD Dev & Admin
OD Server Java classes
IBM Content Manager OnDemand - CMOD Basic - X
TimMarshal
- Post By TimMarshal
- 6 months ago
✅ Commonly Used Programming Languages with CMOD
To connect to IBM Content Manager OnDemand (CMOD) and perform operations like extracting, ingesting, and viewing content, you can use several programming languages and interfaces, depending on your integration or automation needs.
| Language | Usage Scope | Tools / Interfaces |
|---|---|---|
| Java | Most feature-rich and supported for all operations | - ODWEK Java API |
-
JDBC for DB access |
| C / C++ | Legacy integrations, high-performance tasks | - ODWEK C API -
Native CMOD SDKs |
| .NET (C#) | Windows-based apps, UI integration | - ODWEK .NET API |
| Python | Scripting, automation, ETL pipelines | - Via REST/ODWEK bridge, subprocess calls |
| Shell/Bash | Automation, bulk processing in Unix/Linux environments | - ARSLOAD, ARSXML, OD command-line tools |
| JavaScript | Web integration, content viewing | - ODWEK JavaScript libraries for browser-based access |
| PL/SQL, T-SQL| Database-level ingestion or validation | - Direct DB2/Oracle/SQL Server access |
🔗 Available Interfaces & APIs
-
ODWEK (OnDemand Web Enablement Kit) – Main SDK for Java, .NET, JavaScript, C/C++
-
ARSLOAD, ARSXML – Command-line tools for content ingestion
-
REST API Gateway – (available via custom wrappers or integration layers)
-
Direct DB Access – For metadata (not recommended for content extraction)
📦 What You Can Do
-
Ingest Content: Use ARSLOAD (command-line) or ODWEK SDKs (Java/.NET)
-
Extract/View Content: Use ODWEK APIs or browser-based access
-
Automate: Write scripts in Python, Java, Shell to control ingestion/viewing
-
Web Integration: JavaScript front-ends using ODWEK’s thin client libraries
What are the difference in authentication and authorization for IBM CMOD 8.5 and 10.5
Here’s a detailed breakdown comparing both versions 👇
🔐 1. Authentication — How users log in
| Feature | CMOD 8.5 | CMOD 10.5 |
|---|---|---|
| User Repository | Primarily OS-level or library server user definitions (local CMOD database). | Supports LDAP / Active Directory integration via ICR (IBM Content Navigator) or OpenID Connect (OIDC) in containerized deployments. |
| Login Mechanism | - Users log in using OnDemand Administrator / Client with username & password stored in the CMOD database. - Optionally, LDAP authentication could be configured via ODWEK or Content Navigator (external). | - Native federated authentication supported (SAML, OIDC, or LDAP) via Navigator/ICN or IBM Security Verify. - Containerized CMOD supports external identity providers (ADFS, Azure AD, Okta, etc.) for SSO. |
| Single Sign-On (SSO) | Limited; required integration with IBM Content Navigator or custom ODWEK configuration. | Full SSO support through ICN + OIDC/SAML, managed centrally in IBM Cloud Pak for Business Automation (CP4BA) deployments. |
| Encryption of Credentials | Basic encryption of stored passwords (ODADMIN, ARS databases). | Stronger encryption (AES-256), TLS 1.2/1.3 for all endpoints, and externalized secrets via Kubernetes secrets or Key Vaults (in CP4BA). |
| Admin Authentication | Admin users stored locally in CMOD. | Admin users can be integrated with LDAP groups or IAM providers. |
🧭 2. Authorization — What users are allowed to do
| Feature | CMOD 8.5 | CMOD 10.5 |
|---|---|---|
| Access Model | - Uses Application Groups, Applications, and Folders for defining access. - Access rules tied to CMOD-defined users and groups. | - Same base access model, but supports centralized role mapping through ICN or OpenID roles. - Permissions can map to external directory groups. |
| Security Tokens | Internal CMOD permissions managed in ARS database. | Tokens and group membership retrieved from IAM/LDAP at login; mapped to CMOD permissions. |
| Group Management | Groups defined in CMOD database or mapped from LDAP (limited). | Fully integrated LDAP/AD groups or OIDC claims can define access. |
| Auditing & Logging | Audit logs limited to internal events (ARSSVR, ARSUSE). | Enhanced auditing with IBM Cloud Pak Audit Service or syslog forwarding; more granular logging for API calls and external authentication. |
| Administrative Roles | Admins managed manually in CMOD admin tool. | Admins mapped to external IAM roles (e.g., Navigator Admins, CP4BA roles). |
⚙️ 3. Technical Integration Differences
| Component | CMOD 8.5 | CMOD 10.5 |
|---|---|---|
| ODWEK Authentication | Basic auth (username/password) or LDAP via configuration. | Supports modern OIDC tokens and JWT-based sessions when front-ended by IBM Content Navigator. |
| Content Navigator (ICN) | Optional frontend for browser access, used LDAP or WAS registry. | Mandatory in many modern deployments (especially CP4BA), with WebSphere Liberty + OIDC authentication. |
| WebSphere / Liberty Support | WebSphere Application Server (traditional). | WebSphere Liberty or Open Liberty with support for OIDC, SAML, and modern TLS. |
| Container Support | No container support; Windows/AIX/Linux only. | Fully containerized deployment via Cloud Pak for Business Automation (CP4BA). Authentication integrated with Red Hat SSO / IBM Security Verify. |
🧩 4. Common Authentication Scenarios
| Scenario | CMOD 8.5 | CMOD 10.5 |
|---|---|---|
| Direct Client Login (OD Admin/Client) | User credentials validated by CMOD server. | Still supported, but often replaced by ICN + OIDC front end. |
| Web Access (ODWEK / ICN) | Can connect to LDAP for user lookup. | Uses OIDC / SAML federated login to redirect to enterprise IdP. |
| API Access | Basic authentication via ODWEK API. | API supports token-based auth and integrates with CP4BA API Gateway for OAuth 2.0. |
🧠 5. Summary — Key Differences
| Category | CMOD 8.5 | CMOD 10.5 (Modern) |
|---|---|---|
| Authentication | Local users, LDAP optional | Federated (OIDC, SAML, LDAP) |
| Authorization | Local roles/groups | Central IAM role/group mapping |
| Security Protocols | Basic auth, TLS 1.0/1.1 | OIDC, OAuth2, SAML, TLS 1.3 |
| Deployment | On-prem, WebSphere traditional | Cloud-native (CP4BA, Liberty, Kubernetes) |
| Integration | Limited with IBM ICN | Deep ICN/CP4BA integration |
| SSO | Rare/custom | Native SSO with modern IdPs |
| Audit & Compliance | Local logs | Centralized audit via CP4BA/ELK/Syslog |
🚀 In short:
-
CMOD 8.5 = legacy authentication (usernames/passwords, limited LDAP, traditional WebSphere).
-
CMOD 10.5 = modern, secure, cloud-ready authentication with OIDC/SAML/SSO, centralized identity providers, and Kubernetes/Liberty integration.
Login To Post Your Comment