�� 20 �� ֤��

��һҳ Ŀ¼ �� һҳ
Sun Java System Identity Server 2004Q2 ��ָ��

�� 20 ��
��֤��

��֤��Ĭ��֤��Ļ��Ҳ��Զ��֤ģ��ԵĻ��ҪΪÿ��ϣ��ʹ��ʽ��֤��֯��ú��֤��񡣺��֤��ȫ��Ժ��֯��ɡ�ȫ��õ�ֵ��Ӧ�õ�� Sun Java System Identity Server ��ã��ÿ��õ��֯��̳С��ȫ��Ե�Ŀ��Զ�� Identity Server Ӧ�ó��˴��Բ��ֱ��Ӧ�õ��ɫ��֯��ڡ��á��֯��õ�ֵ��Ϊ��֤ģ��Ĭ��ֵ��Ϊ��֯��ӷ��֮��Ҫ��ģ�塣��֯�Ĺ��Ա��Ӻ��Ĭ��ֵ��֯��Բ��ᱻ��֯�е��Ŀ��̳С��֤��Է�Ϊ��

ȫ��

��֯��

ȫ��

��֤��е�ȫ��԰�(��

�ɲ�ӵ��֤ģ��

�ͻ��֧�ֵ��֤ģ��

LDAP l�ӳش�С

LDAP l�ӳص�Ĭ�ϴ�С

�ɲ�ӵ��֤ģ��

��ֶ��ָ�� Identity Server ƽ̨��õ��֯��ʹ�õ��֤ģ�� Java �ࡣĬ��£��( LDAP��SafeWord��SecurID��Ӧ�ó��HTTP Basic��Ա�ʸ�Unix��֤�顢NT��RADIUS �� Windows �� SSO��ͨ��ʵ�� AMLoginModule SPI �� JAAS LoginModule SPI 4д��Զ��֤ģ�顣�й��ϸ��Ϣ��μ�Identity Server Developer's Guide��Ҫ��µķ��񣬸��ֶα��ʹ��ı��ַ��ָ��ÿ��֤��(��ƣ��

�ͻ��֧�ֵ��֤ģ��

��ָ��ض��ͻ��֧�ֵ��֤ģ��б?��ʽ��ʾ��

clientType | module1,module2,module3

��˿ͻ��ʱ��Ч��

LDAP l�ӳش�С

��ָ��ض� LDAP ��˿��ʹ�õ��С��l�ӳء��Խ�� LDAP �ͳ�Ա�ʸ��֤��񡣸�ʽ��ʾ��

host:port:min:max

ע

��l�ӳ�� serverconfig.xml ��õ� SDK l�ӳز�ͬ��

LDAP l�ӳص�Ĭ�ϴ�С

�� LDAP ��֤ģ��һ��ʹ�õ�l�ӳص�Ĭ��ֵ��Сֵ��LDAP l�ӳش�С��д��Ͷ˿��Ŀ��Сֵ��ֵ��ý��ʹ�á�LDAP l�ӳص�Ĭ�ϴ�С��е��Ӧֵ��

��֯��

��֤��е��֯��԰�(��

��֯��֤ģ��

�û��ļ�

��Ա��֤��

�û��ļ��̬��Ĭ�Ͻ�ɫ

��ó־� Cookie ģʽ

�־� Cookie �ʱ��

��û��û��

��

Ĭ��֤��

�û��

Ĭ��֤��Ի��

��֯��֤��

��õ�¼ʧ��ģʽ

��¼ʧ��

��¼ʧ��

��ڷ��֪ͨ�ĵ��ʼ��ַ

N ��ʧ�ܺ󾯸��û�

��¼ʧ��ʱ��

��

��ֵ

Ĭ�ϳɹ��¼ URL

Ĭ��ʧ�ܵ�¼ URL

��֤��

��û� ID ģʽ

�ɲ��û��

��֯��֤ģ��

��б��ָ��֯��ʹ�õ��֤ģ�顣ÿ��Ա��Ϊ��ض��֯ѡ��֤��͡��Ȼ��֤ģ��ʹ��4�Ƚ����û��ȷ��¼��ѡ��֤ģ�顣Ĭ��֤ģ��Ϊ LDAP��Identity Server ��(��֤��У�

LDAP

֤��

��

HTTP Basic

��Ա�ʸ�

NT

SafeWord

RADIUS

SecurID

Unix

Windows �� SSO

ע

��Ա��Ѵ��֯�д��֪ͨ��֤ģ��ģ�壬��ʹ��֯��

�û��ļ�

��ѡ��Ϊ�û��ļ�ָ��ѡ�

�� - ָ��ڳɹ��֤�� Identity Server һ��װ�ı�� Directory Server ��Ҫ��û��ļ��֤��Żᷢ�� SSOToken��

��̬�� - ָ��ڳɹ��֤��û��ļ��֤��񽫴��û��ļ��Ȼ�󷢲� SSOToken��û��ļ�� Identity Server һ��װ�ı�� Directory Server �С�

�� - ָ��ڳɹ��֤��֤��Ҫ�û��ļ��Ϳ��Է�� SSOToken��

��Ա��֤��

��༭��t��Ϊ��Ա��֤��񡣹��Ա��Ҫ�� Identity Server ��̨��û��Ҫ��Ա��֤ģ��û��֤ģ��4��ʹ�ø��ԡ�� Identity Server ��̨��ʱ��ʹ�ø��õ�ģ�顣��磺

http://servername.port/console_deploy_uri

�û��ļ��̬��Ĭ�Ͻ�ɫ

��û��ļ��ѡ��ˡ��̬��ֶν�ָ��Ϊ��û��ָ�ɵĽ�ɫ��Щ�û��ļ��Ѵ��ϡ��ֶ�û��Ĭ��ֵ��Ա��ָ��Ҫ��û��Ľ�ɫ�� DN��

ע

��ָ��Ľ�ɫ��λ��Ϊ��֤��֯�¡��ý�ɫ�� Identity Server ��ɫ��Ҳ�� LDAP ��ɫ��ǹ��˺�Ľ�ɫ��

��ó־� Cookie ģʽ

��ѡ��ȷ��û��ܷ��Է��侭��֤�ĻỰ��ͨ��á��ó־� Cookie ģʽ��Ա��û��Ự��á��ó־� Cookie ģʽ��֮��ֱ��û��Ự�ĳ־� Cookie ��ڻ��û��ȷע��󣬸��û��Ự�Ż��ڡ��ʱ��ڡ��־� Cookie �ʱ��ָ��ġ�Ĭ��ֵ�ǡ��־� Cookie ģʽ��δ��ã��֤��ʹ��ڴ� Cookie��

ע

�ͻ��ȷ��־� Cookie��ʹ�õ�¼ URL �е� iPSPCookie=yes ��

�־� Cookie �ʱ��

��ֶ��ָ��೤ʱ��־� Cookie ��ڡ�(��ͨ��ѡ��Ӧ��ѡ��á��ó־� Cookie ģʽ��ʱ��ӳɹ��֤�û��ĻỰʱ��ʼ��㡣Ĭ��ֵΪ 2147483��Ϊ��λ��ֶο�� 0 �� 2147483 ֮��ֵ��

��û��û��

�û��֤�ɹ��󣬽��û��ļ��ֶ��е�ֵ��ָ��ļ��λ�á�ͨ��£��ֵ��Ĭ��û�� DN��Զ��ӵ��֯��û��Ŀ��ӵ��֯��Ĭ�ϡ��û��С�Ĭ��ֵ�� ou=People��ͨ��°�(��֯��ƺ͸��׺��ֶο��Խ��κ��֯��Ԫ��Ч DN��

ע

��֤ͨ��;��û��ļ��

��Ĭ�ϵ��û��Ȼ��

��Ĭ�ϵ��֯��Ȼ��

ʹ�á��ơ��Ĭ��֯��û��

��һ��ʽ�� SSO ��Σ��У��֤��û��ܲ��ļ��е��ԡ��磬�û��ʹ�� jn10191 �� Safeword ID ��֤��ļ�ȴ�� uid=jamie��

��

�û��֤�ɹ��󣬽��û��ļ��ֶ��ָ�� LDAP ��ԣ��û��ָ��ѡ LDAP ��Խ��ʱ��û��ҵ�ƥ��û��ļ��ʹ�ø��ֶ�ָ��Խ��Ҫ��ڵ��֤ģ�鷵�ص��û��ʶ�롰�û��ԡ��ָ��û��ʶ��ͬʱ��磬RADIUS ��ܷ�� abc1234��û��ȴ�� abc��Բ��Ĭ��ֵ��Խ��κ��Ч�� LDAP ��ԣ�� cn��

�û��

�û��֤�ɹ��󣬽��û��ļ��Ե�ֵָ��ڽ�� LDAP ��ԡ�Ĭ��£�Identity Server �ٶ��û��Ŀ�� uid ��Ա�ʶ�ġ�� Directory Server ʹ�õ��ԣ�� givenname��ڸ��ֶ��ָ��ơ�

Ĭ��֤��Ի��

��ֶ��ָ��֤��Ҫʹ�õ�Ĭ��͡�Ĭ��ֵΪ en_US�� 20-1 ��ҵ��Ч��͵��б?

Ϊ��ʹ��Ի��ȱ��봴��Ի��֤ģ�塣Ȼ��ҪΪ��Щģ�崴��µ�Ŀ¼��й��ϸ��Ϣ��μ�Identity Server Developer's Guide��еĵ��Authentication Service��

�� 20-1 ֧�ֵ��Ի��

��Ա��

��

af

�ϷǺ�<��

be

�׶��˹��

bg

��

ca

��̩��

cs

�ݿ�˹�工��

da

��

de

��

el

ϣ0��

en

Ӣ��

es

��

eu

��˹��

fi

��<��

fo

��

fr

��

ga

��<��

gl

��

hr

��޵��

hu

��

id

ӡ��

is

��

it

��

ja

��

ko

��

nl

��<��

no

Ų��

pl

��<��

pt

��

ro

��

ru

��

sk

˹�工��

sl

˹��

sq

��

sr

��ά��

sv

��

tr

�v��

uk

�ڿ�<��

zh

��

��֯��֤��

��֯��֤ģ�顣Ĭ��֤ģ��Ϊ LDAP��ͨ��༭��t�ӿ��ѡ��һ��֤ģ�顣��ѡ��˶��ģ�飬��û��Ҫ�ɹ�ͨ��ѡ��ģ��֤��

��õ�ģ��ڶ�� /server_deploy_uri/UL/Login ��ʽ��֤ģ��û��֤��й��ϸ��Ϣ��μ�Identity Server Developer's Guide��

��õ�¼ʧ��ģʽ

�ù��ָ��û��ڵ�һ�ε�¼ʧ�ܺ��Ƿ��Գ��Եڶ��֤��ѡ��Խ��ܣ��û��ֻ��һ��֤�Ļ�ᡣĬ��£��ܡ��ͬ��ص��Ժ�֪ͨ��һ�𷢻��á�

��¼ʧ��

��ڶ��ڡ��¼ʧ��ָ��ʱ��ڣ��û��ڱ��֮ǰ��ͼ��֤�Ĵ��

��¼ʧ��

��ڶ��}��ʧ�ܵĵ�¼��֮��ʱ�䣨�Է��Ϊ��λ��һ�ε�¼ʧ�ܲ��һ�ε�¼��ʧ�ܣ�� 1��򣬽��

��ڷ��֪ͨ�ĵ��ʼ��ַ

��ָ��û��ʱ��ӵ�֪ͨ�ĵ��ʼ��ַ��Ҫ��ַ��͵��ʼ�֪ͨ��ÿո�ÿ��ʼ��ַ�ָ��

N ��ʧ�ܺ󾯸��û�

��ָ�� Identity Server ��;��Ϣ��û��֮ǰ��?��֤ʧ�ܴ��

��¼ʧ��ʱ��

��ڴ��Ĭ��£��ƽ�ʹ��ơ��ж��û��ļ�ʧЧ��һ�ε�¼ʧ�ܺ󣩡��¼ʧ��ʱ��ֵ�� 0��ָ��ʱ�䣨��ڴ��û��ʻ��

��

��ָ��Ҫ��Ϊ�� LDAP ��ԡ��ġ��ֵ��е�ֵ��ø��Ƶ��Ĭ��£�� Identity Server ��̨�С��ơ�Ϊ�ա��û��ҵ�¼ʧ��ʱ��Ϊ 0 ʱ��Ĭ��ִ��ֵΪ inetuserstatus��LDAP ��ԣ�� inactive��

��ֵ

��ָ��ڡ��ж��û��Ĭ��£�� inetuserstatus ��ֵ��Ϊ��Ч��

Ĭ�ϳɹ��¼ URL

��ֶν��һϵ�е�ֵ��Щֵ��ָ��֤�ɹ��û��ض��򵽵� URL��Եĸ�ʽΪ clientType|URL��ָֻ�� URL ��ֵ��Ĭ��Ϊ HTML��ɹ��¼ URL �� remote-auth.dtd �е� LoginStatus Ԫ��С��й��ϸ��Ϣ��μ�Identity Server Developer's Guide��

Ĭ��ʧ�ܵ�¼ URL

��ֶν��һϵ�е�ֵ��Щֵ��ָ��֤�ɹ��û��ض��򵽵� URL��Եĸ�ʽ�� clientType|URL��ɽ�ָ�� URL ��ֵ��Ĭ��Ϊ HTML��ʧ�ܵ�¼ URL �� remote-auth.dtd �� LoginStatus Ԫ��á��й��ϸ��Ϣ��μ�Identity Server Developer's Guide��

��֤��

��ֶ��ָ��Ϊ�ɹ��򲻳ɹ��¼�Զ��֤��ʹ�õ�Java ��ơ�ʾ��

com.abc.authentication.PostProcessClass

Java ��ʵ�� Java �ӿڣ�

com.sun.identity.authentication.spi.AMPostAuthProcessInterface

��⣬��뽫��ڵ�·��ӵ� Web Server �ġ�Java Classpath��С�

��û� ID ģʽ

��ڳ�Ա�ʸ��֤ģ�顣��˸��ֶΣ��Ա�ʸ�ģ��ע��ض��û��û� ID��û� ID �Ѿ��ڣ��û� ID �Ǵ��ڡ��ɲ��û��ָ�� Java ��ɵġ�

�ɲ��û��

��ֶ��ָ��ˡ��û� ID ģʽ��ʱ��4��û� ID �� Java ��ơ�

Ĭ��֤��

��֤��ֵ��ʾ��֤�ĳ̶ȡ��û��֤֮�󣬸�ֵ��洢�ڻỰ�� SSO ��С�SSO ��Ʊ��ύ��û�Ҫ��ʵ�Ӧ�ó��ʱ��Ӧ�ó��ʹ�ô洢��ֵ4�ж��֤��Ƿ��㹻�ߣ��ȷ��Ƿ��û��ʡ�� SSO ��д洢��֤��û�дﵽ��С��Ӧ�ó��ʾ�û�ʹ�þ��нϸ��֤��ķ��ٴν��֤��

��֤��Ӧ��֯��ض��֤ģ��н��á��˴��ġ�Ĭ��֤��ֵ��δ��ض��֯��֤ģ��ġ��֤��ֶ��ָ��κ��֤��ʱ��á��Ĭ��֤��𡱵�Ĭ��ֵΪ 0��е�ֵ�� Identity Server ʹ�ã��ɿ��ѡ��ʹ��ⲿӦ�ó��ʹ�á�� 2004Q2 ��а棬�˹��޷��ִ�С��ǰ�İ汾�У��˹��ܿ��ִ�С�

��һҳ Ŀ¼ �� һҳ

��Ȩ�� 2004 Sun Microsystems, Inc. ��Ȩ��


ע	��l�ӳ�� serverconfig.xml ��õ� SDK l�ӳز�ͬ��


ע	��Ա��Ѵ��֯�д��֪ͨ��֤ģ��ģ�壬��ʹ��֯��


ע	��ָ��Ľ�ɫ��λ��Ϊ��֤��֯�¡��ý�ɫ�� Identity Server ��ɫ��Ҳ�� LDAP ��ɫ��ǹ��˺�Ľ�ɫ��


ע	�ͻ��ȷ��־� Cookie��ʹ�õ�¼ URL �е� iPSPCookie=yes ��


ע	��֤ͨ��;��û��ļ�� ��Ĭ�ϵ��û��Ȼ�� ��Ĭ�ϵ��֯��Ȼ�� ʹ�á��ơ��Ĭ��֯��û�� ��һ��ʽ�� SSO ��Σ��У��֤��û��ܲ��ļ��е��ԡ��磬�û��ʹ�� jn10191 �� Safeword ID ��֤��ļ�ȴ�� uid=jamie��


	Ϊ��ʹ��Ի��ȱ��봴��Ի��֤ģ�塣Ȼ��ҪΪ��Щģ�崴��µ�Ŀ¼��й��ϸ��Ϣ��μ�Identity Server Developer's Guide��еĵ��Authentication Service��

��Ա��	��
af	�ϷǺ�<��
be	�׶��˹��
bg	��
ca	��̩��
cs	�ݿ�˹�工��
da	��
de	��
el	ϣ0��
en	Ӣ��
es	��
eu	��˹��
fi	��<��
fo	��
fr	��
ga	��<��
gl	��
hr	��޵��
hu	��
id	ӡ��
is	��
it	��
ja	��
ko	��
nl	��<��
no	Ų��
pl	��<��
pt	��
ro	��
ru	��
sk	˹�工��
sl	˹��
sq	��
sr	��ά��
sv	��
tr	�v��
uk	�ڿ�<��
zh	��

�� 20 �� ������֤����

ȫ������

�ɲ�ӵ���֤ģ����

�ͻ���֧�ֵ���֤ģ��

LDAP l�ӳش�С

LDAP l�ӳص�Ĭ�ϴ�С

��֯����

��֯��֤ģ��

�û������ļ�

����Ա��֤����

�û������ļ���̬����Ĭ�Ͻ�ɫ

���ó־� Cookie ģʽ

�־� Cookie �ʱ��

�����û����û�����

���������������

�û���������

Ĭ����֤���Ի���

��֯��֤����

���õ�¼ʧ����ģʽ

��¼ʧ�������

��¼ʧ������

���ڷ�����֪ͨ�ĵ����ʼ���ַ

N ��ʧ�ܺ󾯸��û�

��¼ʧ����ʱ��

���������

������ֵ

Ĭ�ϳɹ���¼ URL

Ĭ��ʧ�ܵ�¼ URL

��֤������

��������û� ID ģʽ

�ɲ���û����������

Ĭ����֤����

�� 20 ��
��֤��

ȫ��

�ɲ�ӵ��֤ģ��

�ͻ��֧�ֵ��֤ģ��

��֯��

�û��ļ�

��Ա��֤��

�û��ļ��̬��Ĭ�Ͻ�ɫ

��ó־� Cookie ģʽ

��û��û��

��

�û��

Ĭ��֤��Ի��

��֯��֤��

��õ�¼ʧ��ģʽ

��¼ʧ��

��¼ʧ��

��ڷ��֪ͨ�ĵ��ʼ��ַ

��¼ʧ��ʱ��

��

��ֵ

Ĭ�ϳɹ��¼ URL

��֤��

��û� ID ģʽ

�ɲ��û��

Ĭ��֤��