Authentication and Authorization

Authentication

Kodiak Derivatives uses Windows Authentication to authenticate the user. It authenticates the user using either OMS Token Dealer or via the livemarketdata user system.

OMS Token Dealer

If client is configured to use the OMS Token dealer, the client will send the Active Directory username of the logged in user opening the client to the OMS Token Dealer who will request a token on you behalf using the lmd username registered on your user in the OMS system. It will then return the token for authentication in the Derivatives Client.

Configuration is set by setting the UserSystemUrl appsetting as

*note: For technical reasons, the UserSystemUrl appsetting must match the TokenDealerUrl appsetting in the file appsettings.config usually located at C:\KodiakOrderEntryServer\Config\Environment

UserSystem

If client is configured to use the user system, the client will request a token directly from the user system using the supplied username and password. The user system will return a token if user is authenticated for authentication in the client.

Configuration is set by setting the UserSystemUrl appsetting as

*note: As the derivatives service uses windows authentication, the user still needs to be an AD user on the server running the service.

Authorization

Authorization is set in two places, both in the user system and in the Kodiak admin page.

In the user system that user must have the Derivatives system and at least level 1 marked data subscription.

The user needs to exist in the Kodiak admin page with Derivatives authorization

*note. If the Derivatives Access setting does not appear, you need to change the HasDerivatives appsetting in the adminx system to true like this