Develop a custom post-authentication plug-in.
You can write your own custom post-authentication plug-in, or you can use the sample source code that comes with OpenSSO Enterprise. See Developing a Post-Authentication Plug-In for First-Time User Login for more information.
Compile the post-authentication plug-in code.
See To Compile the Post-Authentication Plug-In Code for detailed information.
Use the OpenSSO Enterprise console to modify first-time user login settings.
Log in to the OpenSSO Enterprise administration console.
Click the Access Control tab, and then navigate to RealmName > Data Stores > DataStoreName.
For the property LDAP User Attributes, add the LDAP attribute employeeType.
Click Save.
Click “Back to Data Stores.”
Click the Authentication tab.
Click “All Core Settings.”
For the property “Authentication Post Processing Classes,” add the value com.sun.identity.authentication.spi.FirstTimeLogin.
Click Save.
Click “Back to Authentication,” and then click “Back to Access Control.”
Click the Configuration tab, and then navigate to Server & Sites > Default Server Settings > Advanced.
Click Add to add a new property. Example:
Property Name: com.sun.identity.firsttime_login_attr_name
Property Value: employeeType
The value employeeType is an example of an LDAP attribute name. Use your own LDAP attribute name here.
Click Save.
The following warning message is displayed:
"Server Profile was updated. Unidentified property, com.sun.identity.firsttime_login_attr_name"
Ignore this warning.
Log out of the OpenSSO Enterprise console.
Copy your custom post-authentication plug-in class file (example: FirstTimeLogin.class) to the following OpenSSO Enterprise web-app directory:
WEB-INF/classes/com/sun/identity/authentication/spi
Be sure to create directories that don't already exist to reflect the package. Example: /opt/SUNWappserver91/domains/opensso4idm/applications/j2ee-modules/opensso/WEB-INF/classes/com/sun/identity/authentication/spi
Restart the OpenSSO Enterprise web container for the changes to take effect.
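The web container can load the plug-in only if the class file sits in the directory that matches its package. The shell function below is an added example, not part of the OpenSSO Enterprise documentation or sample code: it derives that directory from the class name, creates it if needed, and refuses a file that is not a class compiled for that name. `deploy_plugin` and its arguments are hypothetical names.

```shell
#!/bin/sh
# Added example: install a compiled post-authentication plug-in class into the
# package directory under WEB-INF/classes. Function and variable names are
# hypothetical; nothing here ships with OpenSSO Enterprise.

# deploy_plugin WEBAPP_ROOT FQCN CLASSFILE
# Prints the installed path on success. Returns non-zero and installs nothing
# if CLASSFILE does not look like a class compiled for FQCN.
deploy_plugin() {
    webapp=$1
    fqcn=$2
    src=$3

    [ -d "$webapp/WEB-INF" ] || { echo "no WEB-INF under $webapp" >&2; return 1; }
    [ -f "$src" ] || { echo "missing class file: $src" >&2; return 1; }

    # Every Java class file starts with the magic bytes CA FE BA BE.
    magic=$(head -c 4 "$src" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "cafebabe" ] || { echo "$src is not a class file" >&2; return 1; }

    # The constant pool stores the class name with '/' separators. If that
    # string is absent, the source was compiled under another package and will
    # not load under the configured name. This is a sanity check, not a parser.
    internal=$(printf '%s' "$fqcn" | tr '.' '/')
    grep -aqF "$internal" "$src" || { echo "$src does not declare $fqcn" >&2; return 1; }

    # Create the package directories that do not exist yet, then copy.
    dest="$webapp/WEB-INF/classes/$internal.class"
    mkdir -p "$(dirname "$dest")" || return 1
    cp "$src" "$dest" || return 1

    # The class runs during login processing: remove group and other write access.
    chmod go-w "$dest" || return 1
    printf '%s\n' "$dest"
}
```

Called with the web-app root, `com.sun.identity.authentication.spi.FirstTimeLogin`, and the compiled class file, it installs the file under `WEB-INF/classes/com/sun/identity/authentication/spi`; the container restart is still required afterwards.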