Sun Java System Access Manager 7 2005Q4 Release Notes

CR# 6385184: Re-direct from within a custom authentication module when SSO Token is still in invalid state

New RedirectCallback for custom authentication module allows redirection to an external Web site via the Authentication UI to get a user validated. If the authentication is successful, the user is then redirected back to the original Access Manager server URL. Sample files include:

To implement this feature:

  1. Create a custom authentication module using the sample

  2. Load the module into an Access Manager server.

  3. Construct the RedirectCallback in the XML file using the sample LoginModuleSample.xml.

  4. To test the module, use the sample testExtWebSite.jsp file for the external Web site.

  5. Login using this URL:

The user name and password are redirected to the external Web site for validation. If the name and password are valid, the authentication is successful and the user is then redirected back to the original Access Manager server URL.

For example, consider this scenario, where the deployment is using a custom authentication module to access a provisioning/credit card site:

  1. A user invokes the authentication process/login page for the custom authentication module.

  2. The user enters the credentials (user name and password) and submits a request to the custom authentication module.

  3. The custom authentication module redirects the user to an external provisioning/credit card site with the required user information along with the request.

  4. The external provisioning/credit card site checks the user's status and returns the request with either success or failure, which is set as part of the returned request.

  5. The custom authentication module validates the user based on the status returned in Step 4 and returns the corresponding status to the authentication service.

  6. The user authentication completes with either success or failure.