• Sun Java System Identity Server 2004Q2
  • Sample
  •  
  • Main Page
  • MSISDN Auth Module

  • This document explains how to compile, deploy and run the MSISDN Auth Module program. 
  • About MSISDN Auth Module

  • The MSISDN authentication module will make it possible to perform non-interactive authentication based upon the unique ID of a particular handset. (The unique ID of the handset could be its MSISDN.  It will be possible to determine the "user" based on the MSISDN).  MSISDN might not be sent in the HTTP request to protect users' privacy. But, the wireless carriers or an agreement with the carriers can enable the forwarding of the MSISDN number in the HTTP request. Forwarding the number is also not a standard, Nokia WAP gateways forward it in the X-Nokia-MSISDN header, UP gateway use the Cookie header, Ericsson uses the query string and Kannel gateway (on POSTs) forwards it in the body. So, this Auth module has configuration information to specify if the MSISDN is in the header, query string or in the body AND the name of the header, Query string name or the argument in the body.
  • On Solaris
  • Steps to compile the MSISDN Auth Module program on Solaris
    • Set the following variables in the Makefile. This Makefile is in the same directory ("<install-root>/SUNWam/samples/authentication/spi/msisdn") as the MSISDN Auth Module program files.
      • JAVA_HOME

      • Set this variable to your installation of JDK. The JDK should be newer than JDK 1.3.1.
      • CLASSPATH

      • Set this variable to refer to the  following jars found in the <install-root>/SUNWam/lib directory. 
        am_services.jar, am_sdk.jar,  servlets.jar
        (Note: Include jaas.jar in your classpath if you are using JDK version less than JDK1.4)
      • BASE_CLASS_DIR

      • Set this variable to the directory where all the Sample compiled classes are located.
      • JAR_DIR

      • Set this variable to the directory where the JAR files of the Sample compiled classes will be created.
    • Go to the <install-root>/SUNWam/samples/authentication/spi/msisdn" directory and run gmake.
  • Steps to deploy the MSISDN Auth Module program
    • Copy MSISDN.jar from JAR_DIR to <install-root>/SUNWam/web-src/services/WEB-INF/lib
    • Update classpath with MSISDN.jar in the Web Container  from which this sample has to run. For use with Sun ONE Webserver, go to server instance's config directory  /<WS-home-dir>/https-<WS-instance-name>/config/. For Sun ONE App Server <AS-home-dir>/domain/domain1/server1/config/ and update server.xml with new classpath.for all other containers consult their documentation
    • Copy MSISDN.xml from <install-root>/SUNWam/samples/authentication/spi/msisdn/ to <install-root>/SUNWam/web-src/services/config/auth/default.
    • Modify amAuthMSISDN.xml (available in <install-root>/SUNWam/samples/authentication/spi/msisdn) to provide proper ORG_BASE. It should be the root suffix of the Identity Server.
    • Import amAuthMSISDN.xml (available in <install-root>/SUNWam/samples/authentication/spi/msisdn) using amadmin to load iPlanetAMAuthMSISDNService 
      • cd <install-root>/SUNWam/bin
      • ./amadmin --runasdn uid=amAdmin,ou=People,<default_org>,<root_suffix> --password <password> --schema amAuthMSISDN.xml
    • Copy amAuthMSISDN.properties (available in <install-root>/SUNWam/samples/authentication/spi/msisdn) to <install-root>/SUNWam/locale
    • Update the ldap schema with <install-root>/SUNWam/samples/authentication/spi/msisdn/amAuthMSISDN.ldif using 'ldapmodify' command in LDAP Server

    • e.g. <install-root>/SUNWam/bin/ldapmodify -h <dshostname> -p <dsport> -D "<ldapbinduser>" -w <ldabinddn> -v -f <install-root>/SUNWam/samples/authentication/spi/msisdn/amAuthMSISDN.ldif
    • Redeploy services war file by running corresponding install script depending upon the web container on which these samples are deployed. For example, if samples are deployed on Sun(tm) ONE App Server7.0, run amas70config, for Sun(tm) ONE Web Server run amws61config script found under <install-root>/SUNWam/bin
    • Restart web container (e.g  /<WS-home-dir>/https-<WS-instance-name>/start, /<AS-home-dir>/domains/domain1/server1/bin/start for Sun ONE Web Server and Sun ONE App server respectively)
  • Steps to load MSISDN Auth module into Identity Server
    • Using IS Admin Console.
      • Login to Identity Server Console as amadmin, using the URL: http://<host>.<domain>:<port>/<Console-Deploy-URL> 
      • Select "Service Configuration" frame "Service Configuration" frame select "Core" within "Authentication" 
      • Add class file name com.iplanet.am.samples.authentication.spi.msisdn.MSISDN to "Pluggable Auth Modules Classes"
      • Click on save button to save the changes in console.
    • Using commandline (amadmin)
      • Write a sample.xml file as shown below, which will add MSISDN auth module entry into allowed modules, authenticators list.
        • <!--
                Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved
               Use is subject to license terms.
          -->
           <!DOCTYPE Requests
                PUBLIC "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN"
               "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
           >
          <Requests>
              <SchemaRequests serviceName="iPlanetAMAuthService"
           SchemaType="Organization">
                <AddChoiceValues>
                  <AttributeValuePair>
                    <Attribute name="iplanet-am-auth-allowed-modules"/>
                    <Value>MSISDN</Value>
                  </AttributeValuePair>
                </AddChoiceValues>
              </SchemaRequests>
              <SchemaRequests serviceName="iPlanetAMAuthService" SchemaType="Global">
                <AddDefaultValues>
                 <AttributeValuePair>
                    <Attribute name="iplanet-am-auth-authenticators"/>
           <Value>com.iplanet.am.samples.authentication.spi.msisdn.MSISDN</Value>
                  </AttributeValuePair>
                </AddDefaultValues>
              </SchemaRequests>
          </Requests>
      • Load sample.xml via amadmin 
        • cd <install-root>/SUNWam/bin.
        • /amadmin --runasdn uid=amAdmin,ou=People,<default_org>,<root_suffix> --password <password> --data sample.xml
  • Steps to run the MSISDN Auth Module program
    • Log in to the Identity Server console by entering the URL http://<host>.<domain>:<port>/<Console-Deploy-URI>
    • Select the "Identity Management" view.
    • Select your organization and select services from the "Show" menu.
    • Click on "Register", select "MSISDN" authentication on right side and click "Register" to register MSISDN Auth Service.
    • Click on the "MSISDN Authentication" properties.
    • Click on "Create" to create a template for MSISDN Auth Service.
    • Fill the required field such as Trusted Gateway IP Address, MSISDN Number Argument, LDAP Server Principal User id and password and save the changes. If MSISDN Number need to be passed in cookie the cookie name should be specified in Cookie:<cookie_name> syntax.
    • Click on the "Identity Server Core Authentication" properties.
    • Select "MSISDN" in "Allowed Authentication Modules" in the "Organization Authentication Modules"list. 

    • Note : Do not de-select LDAP auth module 
    • Click "Submit" to save changes and log out.
    • Enter the URL http://<host>.<domain>:<port>/<Service-Deploy-URI>/UI/Login?module=MSISDN&org=<org_url_query>.
  • On Windows2000

  • Steps to "compile" the MSISDN Auth Module program on Windows2000
      • Set the following environment variables. These variables will be used to run the make command. You can also set these variables in the Makefile. This Makefile is in the same directory (<install-root>\samples\authentication\spi\msisdn) as the MSISDN Auth Module program files.
        • JAVA_HOME
        • Set this variable to your installation of JDK. The JDK should be newer than JDK 1.3.1.
        • BASE
        • Set this variable to <install-root>
        • CLASSPATH
        • Set this variable to refer to the  following jars found in the <install-root>/SUNWam/lib directory. 
        • am_services.jar, am_sdk.jar,  servlets.jar
        • (Note: Include jaas.jar in your classpath if you are using JDK version less than JDK1.4)
        • BASE_CLASS_DIR
        • Set this variable to the directory where all the Sample compiled classes are located.
        • JAR_DIR
        • Set this variable to the directory where the JAR files of the Sample compiled classes will be created.
      • Go to the <install-root>/samples/authentication/spi/msisdn directory and run make.
    Steps to deploy the MSISDN Auth Module program
      • Copy MSISDN.jar from JAR_DIR to <install-root>/SUNWam/web-src/services/WEB-INF/lib
      • Update classpath with  MSISDN.jar  in the Web Container  from which this sample has to run. 
      • Copy MSISDN.xml from <install-root>/SUNWam/samples/authentication/spi/msisdn/ to <install-root>/SUNWam/web-src/services/config/auth/default.
      • Modify amAuthMSISDN.xml (available in <install-root>/SUNWam/samples/authentication/spi/msisdn) to provide proper ORG_BASE. It should be the root suffix of the Identity Server.
      • Import amAuthMSISDN.xml (available in <install-root>/SUNWam/samples/authentication/spi/msisdn) using amadmin to register iPlanetAMAuthMSISDNService 
        • cd <install-root>/SUNWam/bin
        • ./amadmin --runasdn uid=amAdmin,ou=People,<default_org>,<root_suffix> --password <password> --schema amAuthMSISDN.xml
      • Copy amAuthMSISDN.properties (available in <install-root>/SUNWam/samples/authentication/spi/msisdn) to <install-root>/SUNWam/locale
      • Update the ldap schema with <install-root>/SUNWam/samples/authentication/spi/msisdn/amAuthMSISDN.ldif using 'ldapmodify' command in LDAP Server

      • e.g. /<install-root>/SUNWam/bin/ldapmodify -h <dshostname> -p <dsport> -D "<ldapbinduser>" -w <ldabinddn> -v -f <install-root>/SUNWam/samples/authentication/spi/msisdn/amAuthMSISDN.ldif
      • Redeploy servies war file by running corresponding install script depending upon the web container on which these samples are deployed. for example if samples are deployed on Sun(tm) ONE App Server7.0, run amas70config, for Sun(tm) ONE Web Server run amws61config script found under <install-root>/SUNWam/bin
      • Restart web container (e.g  /<WS-home-dir>/https-<WS-instance-name>/start, /<AS-home-dir>/domain/domain1/server1/bin/start for Web Server and App server respectively)
    • Steps to load MSISDN Auth module into Identity Server
      • Using IS Admin Console.
        • Login to Identity Server Console as amadmin, using the URL: http://<host>.<domain>:<port>/<Console-Deploy-URL> 
        • Select "Service Configuration" frame "Service Configuration" frame select "Core" within "Authentication" 
        • Add class file name com.iplanet.am.samples.authentication.spi.msisdn.MSISDN to "Pluggable Auth Modules Classes"
        • Click on save button to save the changes in console.
      • Using Commandline (amadmin)
        • Write a sample.xml file as shown below, which will add MSISDN auth module entry into allowed modules, anauthenticators list.

        • <!--
                Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved
               Use is subject to license terms.
          -->
           <!DOCTYPE Requests
                PUBLIC "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN"
               "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
           >
          <Requests>
              <SchemaRequests serviceName="iPlanetAMAuthService"
           SchemaType="Organization">
                <AddChoiceValues>
                  <AttributeValuePair>
                    <Attribute name="iplanet-am-auth-allowed-modules"/>
                    <Value>MSISDN</Value>
                  </AttributeValuePair>
                </AddChoiceValues>
              </SchemaRequests>
              <SchemaRequests serviceName="iPlanetAMAuthService" SchemaType="Global">
                <AddDefaultValues>
                 <AttributeValuePair>
                    <Attribute name="iplanet-am-auth-authenticators"/>
           <Value>com.iplanet.am.samples.authentication.spi.msisdn.MSISDN</Value>
                  </AttributeValuePair>
                </AddDefaultValues>
              </SchemaRequests>
          </Requests>
        • Load sample.xml via amadmin 

        • cd <install-root>/SUNWam/bin.
          /amadmin --runasdn uid=amAdmin,ou=People,<default_org>,<root_suffix> --password <password> --data sample.xml
    • Steps to "run" the Login Module Sample program
      • Log in to the Identity Server console by entering the URL http://<host>.<domain>:<port>/<Console-Deploy-URI>
      • Select the "Identity Management" view.
      • Select your organization and select services from the "Show" menu.
      • Click on "Register", select "MSISDN" authentication on right side and click "Register" to register MSISDN Auth Service.
      • Click on the "MSISDN Authentication" properties.
      • Click on "Create" to create a template for MSISDN Auth Service.
      • Fill the required field such as Trusted Gateway IP Address, MSISDN Number Argument, LDAP Server Principal User id and password and save the changes. If MSISDN Number need to be passed in cookie the cookie name should be specified in Cookie:<cookie_name> syntax.
      • Click on the "Identity Server Core Authentication" properties.
      • Select "MSISDN" in "Allowed Authentication Modules". (Do not deselect LDAP) in the "Organization Authentication Modules"list. 

      • Note : Do not de-select LDAP auth module 
      • Click "Submit" to save changes and log out.
      • Enter the URL http://<host>.<domain>:<port>/<Service-Deploy-URI>/UI/Login?module=MSISDN&org=<org_name>.