Sun OpenSSO Enterprise 8.0 Integration Guide

Writing Your Own Post-Authentication Plug-In

The following code sample is a post-authentication plug-in. In this code sample, OpenSSO Enterprise redirects to an Identity Manager URL if the value of the configured LDAP attribute is true.

Replace occurrences of com.sun.identity.authentication.spi.FirstTimeLogin with the fully qualified name of your class.


Example 1–1 Code Sample: Post-Authentication Plug-In for First-Time Login

package com.sun.identity.authentication.spi;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.Misc;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOException;
import com.sun.identity.authentication.service.AuthUtils;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdUtils;
import java.io.IOException;
import java.lang.System;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;



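/**
 * Post-authentication plug-in that sends a user to an Identity Manager URL
 * after a successful login when a configured LDAP attribute on the user's
 * identity is "true" (case-insensitive).
 *
 * <p>The attribute to inspect is read from the advanced property
 * {@link #FIRSTTIME_LOGIN_ATTR_NAME}; the redirect target defaults to
 * {@link #DEFAULT_REDIRECT_URL} and may be overridden with
 * {@link #FIRSTTIME_LOGIN_REDIRECT_URL}. When the attribute property is not
 * configured the plug-in only logs and leaves the login flow untouched.
 */
public class FirstTimeLogin implements AMPostAuthProcessInterface {

    /**
     * Advanced property holding the name of the LDAP attribute that marks a
     * first-time login. Add it as an advanced property in the OpenSSO
     * configuration.
     */
    private static final String FIRSTTIME_LOGIN_ATTR_NAME =
        "com.sun.identity.firsttime_login_attr_name";

    /**
     * Optional advanced property overriding the Identity Manager URL the user
     * is redirected to. The key is chosen for this sample (it is not a
     * product-defined property); when it is unset or blank,
     * {@link #DEFAULT_REDIRECT_URL} is used.
     */
    private static final String FIRSTTIME_LOGIN_REDIRECT_URL =
        "com.sun.identity.firsttime_login_redirect_url";

    /**
     * Redirect target used when no override is configured. The goto target is
     * fixed here on purpose: if a deployment derives it from request
     * parameters instead, validate the value against the allowed redirect
     * destinations before handing it to the authentication service.
     */
    private static final String DEFAULT_REDIRECT_URL =
        "http://localhost:8081/idm/user/main.jsp?goto=http://mail.yahoo.com";

    private static Debug debug = Debug.getInstance("FirstTimeLogin");

    /**
     * Post processing on successful authentication.
     *
     * <p>Looks up the configured attribute on the authenticated identity and,
     * when its value is "true", sets
     * {@link AMPostAuthProcessInterface#POST_PROCESS_LOGIN_SUCCESS_URL} on the
     * request so that the authentication service redirects the user to the
     * Identity Manager URL. Identity-repository and session errors are logged
     * through {@code debug} and do not abort the login.
     *
     * @param requestParamsMap contains HttpServletRequest parameters
     * @param request HttpServlet request; may be null, in which case no
     *        redirect attribute can be set
     * @param response HttpServlet response
     * @param ssoToken user's session
     * @throws AuthenticationException declared by the interface; this
     *         implementation does not raise it
     */
    public void onLoginSuccess(Map requestParamsMap,
        HttpServletRequest request,
        HttpServletResponse response,
        SSOToken ssoToken) throws AuthenticationException {

        if (debug.messageEnabled()) {
            // Guarded: the original sample dereferenced request here but
            // null-checked it further down.
            debug.message("FirstTimeLogin.onLoginSuccess called: Req:"
                + (request != null ? request.getRequestURL() : null));
        }

        String strAttributeName = SystemProperties.get(FIRSTTIME_LOGIN_ATTR_NAME);

        try {
            if (isConfigured(strAttributeName)
                    && request != null
                    && isFirstTimeLogin(ssoToken, strAttributeName)) {
                // The authentication service reads this request attribute
                // after the plug-in returns and issues the redirect.
                request.setAttribute(
                    AMPostAuthProcessInterface.POST_PROCESS_LOGIN_SUCCESS_URL,
                    redirectUrl());
            }

            if (debug.messageEnabled()) {
                debug.message("FirstTimeLogin.onLoginSuccess: "
                    + "FirstTimeLogin concluded successfully");
            }
        } catch (IdRepoException ire) {
            // Best effort: a repository problem must not fail the login.
            debug.error("FirstTimeLogin.onLoginSuccess: "
                + "IdRepoException while fetching user attributes", ire);
        } catch (SSOException sse) {
            debug.error("FirstTimeLogin.onLoginSuccess: "
                + "SSOException while fetching user attributes", sse);
        }
    }

    /**
     * Returns true when the advanced property value names an attribute
     * (non-null and not blank).
     *
     * @param attributeName value of {@link #FIRSTTIME_LOGIN_ATTR_NAME}
     * @return whether the plug-in has an attribute to inspect
     */
    private static boolean isConfigured(String attributeName) {
        return attributeName != null && attributeName.trim().length() > 0;
    }

    /**
     * Reads the configured attribute from the identity behind the session and
     * reports whether it is "true" (case-insensitive).
     *
     * @param ssoToken user's session
     * @param attributeName LDAP attribute name to look up
     * @return true when the attribute is present and equals "true"
     * @throws IdRepoException if the identity or its attributes cannot be read
     * @throws SSOException if the session token is invalid
     */
    private static boolean isFirstTimeLogin(SSOToken ssoToken, String attributeName)
            throws IdRepoException, SSOException {
        AMIdentity amIdentityUser = IdUtils.getIdentity(ssoToken);
        Map attrMap = amIdentityUser.getAttributes();
        String strAttributeValue = Misc.getMapAttr(attrMap, attributeName, null);
        if (debug.messageEnabled()) {
            // Logged only at debug level; the stdout copy of this line in the
            // original sample is dropped so attribute values stay out of the
            // console log.
            debug.message("FirstTimeLogin.onLoginSuccess: "
                + attributeName + "=" + strAttributeValue);
        }
        return strAttributeValue != null && strAttributeValue.equalsIgnoreCase("true");
    }

    /**
     * Resolves the Identity Manager URL to redirect to.
     *
     * @return the value of {@link #FIRSTTIME_LOGIN_REDIRECT_URL} when set and
     *         non-blank, otherwise {@link #DEFAULT_REDIRECT_URL}
     */
    private static String redirectUrl() {
        String configured = SystemProperties.get(FIRSTTIME_LOGIN_REDIRECT_URL);
        return isConfigured(configured) ? configured : DEFAULT_REDIRECT_URL;
    }

    /**
     * Post processing on failed authentication. Only logs the call.
     *
     * @param requestParamsMap contains HttpServletRequest parameters
     * @param req HttpServlet request
     * @param res HttpServlet response
     * @throws AuthenticationException declared by the interface; not raised here
     */
    public void onLoginFailure(Map requestParamsMap,
        HttpServletRequest req,
        HttpServletResponse res) throws AuthenticationException {
        if (debug.messageEnabled()) {
            debug.message("FirstTimeLogin.onLoginFailure: called");
        }
    }

    /**
     * Post processing on logout. Only logs the call.
     *
     * @param req HttpServlet request
     * @param res HttpServlet response
     * @param ssoToken user's session
     * @throws AuthenticationException declared by the interface; not raised here
     */
    public void onLogout(HttpServletRequest req,
        HttpServletResponse res,
        SSOToken ssoToken) throws AuthenticationException {
        if (debug.messageEnabled()) {
            debug.message("FirstTimeLogin.onLogout called");
        }
    }
}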

If you want to preserve the value of the OpenSSO Enterprise goto URL and pass it on to Identity Manager, you can do that in the post-authentication plug-in. You can retrieve the original URL parameters from the HTTP request and incorporate them into the request to the Identity Manager URL. Because the goto value originates from the client, validate it against the deployment's allowed redirect destinations before forwarding it; otherwise the plug-in becomes an open redirect. See Adding Authentication Post Processing Features in Sun OpenSSO Enterprise 8.0 Developer’s Guide.