The following considerations are specific to account attributes in standard resource adapters:
User identity template
Creating an identity template out of multiple user attributes
Login configuration and pass-through authentication
To view or edit the Waveset schema for Users or Roles, you must be a member of the IDM Schema Configuration AdminGroup and you must have the IDM Schema Configuration capability.
The user identity template establishes the account name to use when creating the account on the resource. This template translates Waveset user account information to account information on the external resource.
You can use any schema map attribute (an attribute listed on the left side of the schema map) in the identity template.
You can overwrite the user identity template from the User form, which is commonly done to substitute organization names.
You can create an identity template out of a portion of multiple user attributes. For example, a template might consist of the first letter of the first name plus seven characters of the last name. In this case, you can customize the user form to perform the desired logic and then override the identity template that is defined on the resource.
The <LoginConfigEntry> element specifies the name and type of login module as well as the set of authentication properties required by this resource type to complete successful user authentication.
The <LoginConfig> and <SupportedApplications> sections of the adapter file specify whether the resource will be included in the options list on the Login Module configuration pages. Do not change this section of the file if you want the resource to appear in the options list.
Each <AuthnProperty> element contains the following attributes.
Table 10–11 <AuthnProperty> Element Attributes
User management across forests is only possible when multiple gateways, one for each forest, are deployed. In this case, you can configure the adapters to use a predefined domain for authentication per adapter without requiring the user to specify a domain as follows:
Add the following authentication property to the <AuthnProperties> element in the resource object’s XML:
<AuthnProperty name='w2k_domain' dataSource='resource attribute' value='MyDomainName'/>
Replace MyDomainName with the domain that authenticates users.
For more information about this property, see the Active Directory resource adapter documentation in Resource Reference.
Most resource login modules support both the Waveset Administrative interface and User interface. The following example shows how SkeletonResourceAdapter.java implements the <LoginConfigEntry> element:
The following example defines the supported LoginModule DATA_SOURCE options. In this example, a LoginConfig entry is taken from the LDAP resource adapter supplied by Waveset. The entry defines two authentication properties whose dataSource value, if not specified, is supplied by the user.
public static final String USER_DATA_SOURCE = "user";
public static final String HTTP_REMOTE_USER_DATA_SOURCE = "http remote user";
public static final String HTTP_ATTRIBUTE_DATA_SOURCE = "http attribute";
public static final String HTTP_REQUEST_DATA_SOURCE = "http request";
public static final String HTTP_HEADER_DATA_SOURCE = "http header";
public static final String HTTPS_X509_CERTIFICATE_DATA_SOURCE = "x509 certificate";

" <LoginConfigEntry name='"+WS_RESOURCE_LOGIN_MODULE+"' type='"+LDAP_RESOURCE_TYPE+"' displayName='"+Messages.RES_LOGIN_MOD_LDAP+"'>\n"+
" <AuthnProperties>\n"+
" <AuthnProperty name='"+LDAP_UID+"' displayName='"+Messages.UI_USERID_LABEL+"' formFieldType='text' isId='true'/>\n"+
" <AuthnProperty name='"+LDAP_PASSWORD+"' displayName='"+Messages.UI_PWD_LABEL+"' formFieldType='password'/>\n"+
" </AuthnProperties>\n"+
" </LoginConfigEntry>\n"+
The next example shows a Login Config entry where the authentication property’s dataSource value is not supplied by the user. In this case, the value is derived from the HTTP request header.
" <LoginConfigEntry name='"+Constants.WS_RESOURCE_LOGIN_MODULE+"' type='"+RESOURCE_NAME+"' displayName='"+RESOURCE_LOGIN_MODULE+"'>\n"+
" <AuthnProperties>\n"+
" <AuthnProperty name='"+LOGIN_USER+"' displayName='"+DISPLAY_USER+"' formFieldType='text' isId='true' dataSource='http header'/>\n"+
" </AuthnProperties>\n"+
" </LoginConfigEntry>\n"+
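The following added example (not part of the Waveset documentation or adapter code) is a review script that parses a rendered <LoginConfigEntry> and reports where each authentication property's value comes from, so that properties filled from an HTTP header or a fixed resource attribute stand out from those the user types in. The sample XML, its names, and the treatment of the page's six DATA_SOURCE constants plus 'resource attribute' as the complete set of valid values are assumptions.

```python
import xml.etree.ElementTree as ET

# Assumed complete set: the DATA_SOURCE constants shown on this page, plus
# 'resource attribute' from the w2k_domain example.
KNOWN_DATA_SOURCES = {
    "user", "http remote user", "http attribute", "http request",
    "http header", "x509 certificate", "resource attribute",
}

# Constructed sample; module, resource and property names are placeholders.
# The last property carries a deliberate typo in dataSource.
SAMPLE_XML = """
<LoginConfigEntry name='ExampleLoginModule' type='ExampleResource' displayName='Example'>
  <AuthnProperties>
    <AuthnProperty name='uid' displayName='User ID' formFieldType='text' isId='true'/>
    <AuthnProperty name='password' displayName='Password' formFieldType='password'/>
    <AuthnProperty name='w2k_domain' dataSource='resource attribute' value='MyDomainName'/>
    <AuthnProperty name='sso_user' formFieldType='text' dataSource='http headr'/>
  </AuthnProperties>
</LoginConfigEntry>
"""

def audit_login_config(xml_text):
    """Return one record per <AuthnProperty> in a <LoginConfigEntry>."""
    entry = ET.fromstring(xml_text)
    if entry.tag != "LoginConfigEntry":
        raise ValueError("expected a <LoginConfigEntry> root element")
    records = []
    for prop in entry.iter("AuthnProperty"):
        # Per the page, an unspecified dataSource means the user supplies it.
        source = prop.get("dataSource", "user")
        records.append({
            "name": prop.get("name"),
            "dataSource": source,
            "known": source in KNOWN_DATA_SOURCES,
            "user_supplied": source == "user",
            "is_id": prop.get("isId") == "true",
            "fixed_value": prop.get("value"),
        })
    return records

def findings(records):
    """List properties whose dataSource is not a recognized option."""
    return [f"{r['name']}: unknown dataSource '{r['dataSource']}'"
            for r in records if not r["known"]]

if __name__ == "__main__":
    recs = audit_login_config(SAMPLE_XML)
    for r in recs:
        print(r)
    print(findings(recs))
```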