Sun Identity Manager Deployment Guide

Procedure: To Manage Users Across Forests

  1. Add the following authentication property to the <AuthnProperties> element in the resource object’s XML:

    <AuthnProperty name='w2k_domain' dataSource='resource attribute' value='MyDomainName'/>

  2. Replace MyDomainName with the domain that authenticates users.


    Note: For more information about this property, see the Active Directory resource adapter documentation in Resource Reference.


    Most resource login modules support both the Identity Manager Administrative interface and User interface. The following example shows how SkeletonResourceAdapter.java implements the <LoginConfigEntry> element:


    // Fragment of a larger string concatenation in the adapter source.
    "<LoginConfigEntry name='"+Constants.WS_RESOURCE_LOGIN_MODULE+"' type='"+RESOURCE_NAME+"' "+
    "displayName='"+RESOURCE_LOGIN_MODULE+"'>\n"+
      "  <AuthnProperties>\n"+
      "     <AuthnProperty name='"+LOGIN_USER+"' displayName='"+DISPLAY_USER+"' formFieldType='text' isId='true'/>\n"+
      "     <AuthnProperty name='"+LOGIN_PASSWORD+"' displayName='"+DISPLAY_PASSWORD+"' formFieldType='password'/>\n"+
      "  </AuthnProperties>\n"+
      "  <SupportedApplications>\n"+
      "     <SupportedApplication name='"+Constants.ADMINCONSOLE+"'/>\n"+
      "     <SupportedApplication name='"+Constants.SELFPROVISION+"'/>\n"+
      "  </SupportedApplications>\n"+
    "</LoginConfigEntry>\n"+

    The following example defines the supported LoginModule DATA_SOURCE options. In this example, a LoginConfig entry is taken from the LDAP resource adapter supplied by Identity Manager. The entry defines two authentication properties whose dataSource value, if not specified, is supplied by the user.


    // Supported LoginModule DATA_SOURCE options.
    public static final String USER_DATA_SOURCE = "user";
    public static final String HTTP_REMOTE_USER_DATA_SOURCE = "http remote user";
    public static final String HTTP_ATTRIBUTE_DATA_SOURCE = "http attribute";
    public static final String HTTP_REQUEST_DATA_SOURCE = "http request";
    public static final String HTTP_HEADER_DATA_SOURCE = "http header";
    public static final String HTTPS_X509_CERTIFICATE_DATA_SOURCE = "x509 certificate";

    // LoginConfig entry from the LDAP resource adapter (fragment of a larger string concatenation).
    " <LoginConfigEntry name='"+WS_RESOURCE_LOGIN_MODULE+"' "+
    "type='"+LDAP_RESOURCE_TYPE+"' "+
    "displayName='"+Messages.RES_LOGIN_MOD_LDAP+"'>\n"+
    " <AuthnProperties>\n"+
    " <AuthnProperty name='"+LDAP_UID+"' displayName='"+Messages.UI_USERID_LABEL+"' "+
    "formFieldType='text' isId='true'/>\n"+
    " <AuthnProperty name='"+LDAP_PASSWORD+"' "+
    "displayName='"+Messages.UI_PWD_LABEL+"' "+
    "formFieldType='password'/>\n"+
    " </AuthnProperties>\n"+
    " </LoginConfigEntry>\n"+

    The next example shows a LoginConfig entry where the authentication property's dataSource value is not supplied by the user. In this case, the value is derived from the HTTP request header.


    // Fragment of a larger string concatenation; the ID comes from an HTTP header.
    " <LoginConfigEntry name='"+Constants.WS_RESOURCE_LOGIN_MODULE+"' "+
    "type='"+RESOURCE_NAME+"' displayName='"+RESOURCE_LOGIN_MODULE+"'>\n"+
    " <AuthnProperties>\n"+
    " <AuthnProperty name='"+LOGIN_USER+"' displayName='"+DISPLAY_USER+"' "+
    "formFieldType='text' isId='true' dataSource='http header'/>\n"+
    " </AuthnProperties>\n"+
    " </LoginConfigEntry>\n"+