Sun Java System Identity Server 6.2
Sample
 
Main Page

Authentication Pure JAAS Sample 

PureJAASSampleLoginModule

The sample program demonstrate how to write pure JAAS module to replay callbacks by authenticating using IS Auth Remote API. It will authenticate user  by replaying the callbacks required by IS  Auth Module.  It is very easy to modify this program to use other existing or customized IS Authentication module. this sample module can be plugged in into  any standard JAAS framework using JAAS  API.
Solaris:
  1. To run the sample program on Solaris, you will need to modify/verify the following: 
  2. In Makefile
    BASE where Identity server is installed
    JAVA_HOME where Java compiler is installed
    CONFIG the entry specified in login configuration file  which should be used to do the user authentication
  3. Copy AMConfig.properties from IS server installation machine location /etc/opt/SUNWam/config from the server machine to the client machine 
  4. Keep am_services.jar, jaas.jar, jss3.jar, AMConfig.properties in your classpath on client machine. (Note: Include jaas.jar in your classpath if you are using JDK version less than JDK1.4) 
  5. A sample configuration file purejaassample.config  is provided for the testing  this sample, contains only one entry , which is 
  6. Sample {
                    PureJAASSampleLoginModule required ORG_NAME="dc=iplanet,dc=com" INDEX_NAME="LDAP" debug=true; 
            };
    This entry is named "Sample" and that is the name to be  entered for CONFIG in Makefile.,  The entry specifies that the LoginModule to be used to do the user authentication is the PureJAASSampleLoginModule  and that this SampleLoginModule is required to "succeed" in order for authentication to be considered successful.  pass options  with ORG_NAME  as orgnization name and  INDEX_NAME as IS auth module to which this sample has to authenticate .
    if different login configuration need to be used , modify Makefile  to some thing like this
    -Djava.security.auth.login.config=purejaassample.config  to -Djava.security.auth.login.config=<yourj_jaas_config_file.config>
  7. To compile, just issue gmake
  8. To run the sample program, execute gmake run


For SSL mode:

  1. Add this JVM property in the sample client program 
    • -D "java.protocol.handler.pkgs=com.iplanet.services.comm" 
  2. Edit the following property in AMConfig.properties file 
    • com.iplanet.am.admin.cli.certdb.dir=<ISinstall-dir>/SUNWam/servers/alias
    • com.iplanet.am.admin.cli.certdb.prefix=https-machine1.red.iplanet.com-machine1-
    • com.iplanet.am.server.protocol to https
    • com.iplanet.am.server.port to the appropriate port on the server machine
    where machine1 is the host name of the server


Windows2000:

  1. To run the sample program on Windows2000, you will need to modify/verify the following: 
  2. In make.bat 
    BASE where Identity server is installed
    JAVA_HOME where Java compiler is installed
    CONFIG the entry specified in login configuration file  which should be used to do the user authentication
  3. Copy AMConfig.properties from IS server installation machine location /etc/opt/SUNWam/config from the server machine to the client machine
  4. Keep am_services.jar, jaas.jar, jss3.jar, AMConfig.properties in your classpath on client machine. (Note: Include jaas.jar in your classpath if you are using JDK version less than JDK1.4)
  5. A sample configuration file purejaassample.config  is provided for the testing  this sample, contains only one entry , which is 
  6. Sample {
                  PureJAASSampleLoginModule required ORG_NAME="dc=iplanet,dc=com" INDEX_NAME="LDAP" debug=true; 
           };
    This entry is named "Sample" and that is the name to be  entered for CONFIG in Makefile.,  The entry specifies that the LoginModule to be used to do the user authentication is the PureJAASSampleLoginModule  and that this SampleLoginModule is required to "succeed" in order for authentication to be considered successful.  pass options  with ORG_NAME  as orgnization name and  INDEX_NAME as IS auth module to which this sample has to authenticate .
    if different login configuration need to be used , modify Makefile  to some thing like this -Djava.security.auth.login.config=purejaassample.config  to -Djava.security.auth.login.config=<yourj_jaas_config_file.config>
  1. To compile, just issue make.
  2. To run the sample program, execute make run.


For SSL mode:

  1. Add this JVM property in the sample client program 
    • -D "java.protocol.handler.pkgs=com.iplanet.services.comm" 
  2. Edit the following property in AMConfig.properties file 
    • com.iplanet.am.admin.cli.certdb.dir=<ISinstall-dir>\SUN\IdentityServer6\Servers\alias
    • com.iplanet.am.admin.cli.certdb.prefix=https-machine1.red.iplanet.com-machine1-
    • com.iplanet.am.server.protocol to https
    • com.iplanet.am.server.port to the appropriate port on the server machine
    where 'machine1' is the host name of the server


For the details, please reference the Remote Client API Java Docs.
For the details, on how to plugin Login Module into standard JAAS Context see JAAS Reference Guide