Sun Java System Access Manager 2005Q1 
Sample 
 


Authentication Pure JAAS Sample 

PureJAASSampleLoginModule

This sample program demonstrates how to write a pure JAAS module that replays callbacks by authenticating through the Access Manager Auth Remote API. It authenticates the user by replaying the callbacks required by the Access Manager Auth Module. The program is easy to modify to use another existing or customized Access Manager authentication module. The sample module can be plugged into any standard JAAS framework using the JAAS API.
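
The callback replay described above, sketched as an added example; it is not the source of PureJAASSampleLoginModule and not code from the original page. It assumes the Auth Remote API is the com.sun.identity.authentication.AuthContext class shipped in am_services.jar; the class name ReplayLoginModule is hypothetical, and ORG_NAME and INDEX_NAME are the options from the sample login configuration entry.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import com.sun.identity.authentication.AuthContext;
// Hypothetical class name; this is not the PureJAASSampleLoginModule source.
public class ReplayLoginModule implements LoginModule {
    private CallbackHandler handler;
    private String orgName, indexName;
    private AuthContext authContext;
    private boolean succeeded;
    public void initialize(Subject subject, CallbackHandler handler,
                           Map sharedState, Map options) {
        this.handler = handler;
        // Options set on the login configuration entry (for example "Sample").
        orgName = (String) options.get("ORG_NAME");
        indexName = (String) options.get("INDEX_NAME");
    }
    public boolean login() throws LoginException {
        succeeded = false;
        if (handler == null || orgName == null || indexName == null)
            throw new LoginException("CallbackHandler, ORG_NAME, INDEX_NAME required");
        try {
            authContext = new AuthContext(orgName);
            authContext.login(AuthContext.IndexType.MODULE_INSTANCE, indexName);
            // Replay every callback set the server-side auth module requests.
            while (authContext.hasMoreRequirements()) {
                Callback[] callbacks = authContext.getRequirements();
                if (callbacks == null) break;
                handler.handle(callbacks);   // the JAAS client supplies the answers
                authContext.submitRequirements(callbacks);
            }
            succeeded = AuthContext.Status.SUCCESS.equals(authContext.getStatus());
        } catch (Exception e) {
            // Fail closed on any transport, handler or server error.
            throw new LoginException("Access Manager authentication failed");
        }
        if (!succeeded) throw new LoginException("Authentication rejected");
        return true;
    }
    public boolean commit() { return succeeded; } // a full module adds Principals here
    public boolean abort() throws LoginException { return logout(); }
    public boolean logout() throws LoginException {
        try { if (authContext != null) authContext.logout(); } // end the server session
        catch (Exception e) { throw new LoginException("Access Manager logout failed"); }
        succeeded = false; return true;
    }
}
```

Raw Map types are used so the class compiles against both pre-generics and current LoginModule signatures.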

PRODUCT_DIR setting on different Platforms:

  • Solaris Sparc/x86 : PRODUCT_DIR = <install_root>/SUNWam

  • Linux             : PRODUCT_DIR = <install_root>/sun/identity

CONFIG_DIR setting on different Platforms:

  • Solaris Sparc/x86 : CONFIG_DIR = /etc/opt/SUNWam/config
  • Linux             : CONFIG_DIR = /etc/opt/sun/identity/config
  • W2K               : CONFIG_DIR = <install_root>\lib


Running the Sample on Solaris Sparc/x86 and Linux:

  1. Modify/verify the following variables in the Makefile:

    • BASE      : where Access Manager is installed
    • JAVA_HOME : where the Java compiler is installed
    • CONFIG    : the entry in the login configuration file that should be used to do the user authentication

  2. Copy AMConfig.properties from <CONFIG_DIR> on the Access Manager server installation machine to the client machine where the sample will be run.

  3. Keep am_services.jar, jaas.jar, jss3.jar and AMConfig.properties in your classpath on the client machine. (Note: Include jaas.jar in your classpath if you are using a JDK version earlier than JDK 1.4.)

  4. A sample configuration file, purejaassample.config, is provided for testing this sample. It contains only one entry:

    Sample {
        PureJAASSampleLoginModule required ORG_NAME="dc=iplanet,dc=com" INDEX_NAME="LDAP" debug=true;
    };

    This entry is named "Sample", and that is the name to enter for CONFIG in the Makefile. The entry specifies that the LoginModule used for user authentication is PureJAASSampleLoginModule, and that this SampleLoginModule is required to "succeed" for authentication to be considered successful. The options pass ORG_NAME as the organization name and INDEX_NAME as the Access Manager auth module against which this sample authenticates.
    If a different login configuration needs to be used, modify the Makefile to change
    -Djava.security.auth.login.config=purejaassample.config to -Djava.security.auth.login.config=<your_jaas_config_file.config>

  5. To compile, run gmake.

  6. To run the sample program, execute gmake run.


For SSL mode:

  1. Add this JVM property in the sample client program 

    • -Djava.protocol.handler.pkgs=com.iplanet.services.comm

  2. Edit the following properties in the AMConfig.properties file 

    • com.iplanet.am.admin.cli.certdb.dir=<PRODUCT_DIR>/servers/alias

    • com.iplanet.am.admin.cli.certdb.prefix=https-machine1.red.iplanet.com-machine1-

    • com.iplanet.am.server.protocol to https

    • com.iplanet.am.server.port to the appropriate port on the server machine

    where machine1 is the host name of the server


Windows2000:

  1. To run the sample program on Windows2000, modify/verify the following variables in make.bat:

    • BASE      : where Access Manager is installed
    • JAVA_HOME : where the Java compiler is installed
    • CONFIG    : the entry in the login configuration file that should be used to do the user authentication

  2. Copy AMConfig.properties from <CONFIG_DIR> on the Access Manager server installation machine to the client machine where this sample will be run.

  3. Keep am_services.jar, jaas.jar, jss3.jar and AMConfig.properties in your classpath on the client machine. (Note: Include jaas.jar in your classpath if you are using a JDK version earlier than JDK 1.4.)

  4. A sample configuration file, purejaassample.config, is provided for testing this sample. It contains only one entry:

    Sample {
        PureJAASSampleLoginModule required ORG_NAME="dc=iplanet,dc=com" INDEX_NAME="LDAP" debug=true;
    };

    This entry is named "Sample", and that is the name to enter for CONFIG in Makefile. The entry specifies that the LoginModule used for user authentication is PureJAASSampleLoginModule, and that this SampleLoginModule is required to "succeed" for authentication to be considered successful. The options pass ORG_NAME as the organization name and INDEX_NAME as the Access Manager auth module against which this sample authenticates.
    If a different login configuration needs to be used, modify Makefile to change
    -Djava.security.auth.login.config=purejaassample.config to -Djava.security.auth.login.config=<your_jaas_config_file.config>

  5. To compile, execute "make".

  6. To run the sample program, execute "make run".


For SSL mode:

  1. Add this JVM property in the sample client program 

    • -Djava.protocol.handler.pkgs=com.iplanet.services.comm

  2. Edit the following properties in the AMConfig.properties file 

    • com.iplanet.am.admin.cli.certdb.dir=<ISinstall-dir>\SUN\IdentityServer6\Servers\alias

    • com.iplanet.am.admin.cli.certdb.prefix=https-machine1.red.iplanet.com-machine1-

    • com.iplanet.am.server.protocol to https

    • com.iplanet.am.server.port to the appropriate port on the server machine

    where 'machine1' is the host name of the server


For details, see the Remote Client API Java Docs.
For details on how to plug a LoginModule into a standard JAAS context, see the JAAS Reference Guide.