Main Page
Authentication Pure JAAS Sample
PureJAASSampleLoginModule
The sample program demonstrate how to write pure JAAS module to
replay callbacks by authenticating using Access Manager Auth Remote
API. It will authenticate user by replaying the callbacks required
by Access Manager Auth Module. It is very easy to modify this
program to use other existing or customized Access Manager Authentication
module. this sample module can be plugged in into any standard JAAS
framework using JAAS API.
PRODUCT_DIR
setting on different Platforms:
CONFIG_DIR
setting on different Platforms:
- Solaris Sparc/x86
: CONFIG_DIR = /etc/opt/SUNWam/config
- Linux
: CONFIG_DIR = /etc/opt/sun/identity/config
- W2K
: CONFIG_DIR = <install_root>\lib
Running Sample on Solaris
Sparc x86, Linux:
-
Modify/Verify the Makefile for the following variables:
In Makefile
|
|
BASE
|
where Access manager is installed
|
|
JAVA_HOME
|
where Java compiler is installed
|
CONFIG
|
the entry specified in login configuration file which should
be used to do the user authentication
|
-
Copy AMConfig.properties
from Access Manager server installation machine location <CONFIG_DIR> to the client
machine where the sample will be run.
-
Keep am_services.jar, jaas.jar,
jss3.jar, AMConfig.properties in your classpath
on client machine. (Note: Include jaas.jar in your classpath if you
are using JDK version less than JDK1.4)
-
A sample configuration file purejaassample.config is provided
for the testing this sample, contains only one entry , which is
Sample { PureJAASSampleLoginModule required ORG_NAME="dc=iplanet,dc=com" INDEX_NAME="LDAP" debug=true; };
This entry is named "Sample"
and that is the name to be entered for CONFIG in Makefile.,
The entry specifies that the LoginModule to be used to do the user authentication
is the PureJAASSampleLoginModule and that this SampleLoginModule
is required to "succeed" in order for authentication to be considered
successful. pass options with ORG_NAME as orgnization
name and INDEX_NAME as Access Manager auth module to which this
sample has to authenticate .
if different login configuration need to be used , modify Makefile
to some thing like this
-Djava.security.auth.login.config=purejaassample.config to
-Djava.security.auth.login.config=<yourj_jaas_config_file.config>
-
To compile, just issue gmake.
-
To run the sample program, execute gmake run.
For SSL mode:
-
Add this JVM property in the sample
client program
-
Edit the following property in AMConfig.properties
file
-
com.iplanet.am.admin.cli.certdb.dir=<PRODUCT_DIR>/servers/alias
-
com.iplanet.am.admin.cli.certdb.prefix=https-machine1.red.iplanet.com-machine1-
-
com.iplanet.am.server.protocol
to https
-
com.iplanet.am.server.port
to the appropriate port on the server machine
where machine1 is the host name of the server
Windows2000:
-
To run the sample program on Windows2000, you will need to modify/verify
the following:
In make.bat
|
|
BASE
|
where Access manager is installed
|
|
JAVA_HOME
|
where Java compiler is installed
|
CONFIG
|
the entry specified in login configuration file which should
be used to do the user authentication
|
-
Copy AMConfig.properties
from Access Manager server installation machine location <CONFIG_DIR> to the client machine where
this sample will be run.
-
Keep am_services.jar, jaas.jar,
jss3.jar, AMConfig.properties in your classpath
on client machine. (Note: Include jaas.jar in your classpath if you
are using JDK version less than JDK1.4)
-
A sample configuration file purejaassample.config is provided
for the testing this sample, contains only one entry , which is
Sample { PureJAASSampleLoginModule required ORG_NAME="dc=iplanet,dc=com" INDEX_NAME="LDAP" debug=true; };
This entry is named "Sample" and that is the name to be
entered for CONFIG in Makefile., The entry specifies that the
LoginModule to be used to do the user authentication is the PureJAASSampleLoginModule
and that this SampleLoginModule is required to "succeed" in order
for authentication to be considered successful. pass options
with ORG_NAME as orgnization name and INDEX_NAME as Access
Manager auth module to which this sample has to authenticate .
if different login configuration need to be used , modify Makefile
to some thing like this -Djava.security.auth.login.config=purejaassample.config
to -Djava.security.auth.login.config=<yourj_jaas_config_file.config>
-
To compile , execute "make".
-
To run the sample program, execute "make run".
For SSL mode:
-
Add this JVM property in the sample
client program
-
Edit the following property in AMConfig.properties
file
-
com.iplanet.am.admin.cli.certdb.dir=<ISinstall-dir>\SUN\IdentityServer6\Servers\alias
-
com.iplanet.am.admin.cli.certdb.prefix=https-machine1.red.iplanet.com-machine1-
-
com.iplanet.am.server.protocol
to https
-
com.iplanet.am.server.port
to the appropriate port on the server machine
where 'machine1' is the host name of the server
For the details, please reference the Remote Client API
Java Docs.
For the details, on how to plugin Login Module into standard
JAAS Context see JAAS
Reference Guide
|