Sun Java System Access Manager 7 2005Q4 Administration Guide

Resource—Based Authentication

Some organizations require an advanced authentication scenario where a user authenticates against a particular module based on the resource that they are attempting to access. Resource-based authentication is a feature of Access Manager in which a user must authenticate to a specific authentication module protecting the resource, and not to the default authentication module. This feature is only applicable to first time user authentications.


Note –

This is a separate feature than the resource-based authentication described in Session Upgrade. That particular feature does not have any limitations.


Limitations

Resource—based authentication contains the following limitations:

ProcedureTo Configure Resource—based Authentication

Once both the Access Manager and a policy agent have been installed, resource—based authentication can be configured. To do this, it is necessary to point Access Manager to the Gateway servlet.

  1. Open AMAgent.properties.

    AMAgent.properties can be found (in a Solaris environment) in /etc/opt//SUNWam/agents/config/ .

  2. Comment out the following line:

    #com.sun.am.policy.am.loginURL = http://Access Manager_server_host.domain_name:port/amserver/UI/Login.

  3. Add the following line to the file:

    com.sun.am.policy.am.loginURL = http://AccessManager_host.domain_name:port/amserver/gateway


    Note –

    The gateway servlet is developed using the Policy Evaluation APIs and can be used to write a custom mechanism to accomplish resource-based authentication. See the Chapter 6, Using the Policy APIs, in Sun Java System Access Manager 7 2005Q4 Developer’s Guide in the Access Manager Developer's Guide.


  4. Restart the agent.