Some organizations require an advanced authentication scenario where a user authenticates against a particular module based on the resource that they are attempting to access. Resource-based authentication is a feature of Access Manager in which a user must authenticate to a specific authentication module protecting the resource, and not to the default authentication module. This feature is only applicable to first-time user authentications.
This is a separate feature from the resource-based authentication described in Session Upgrade. That particular feature does not have any limitations.
Resource-based authentication has the following limitations:
If the policies applicable to the resource have multiple authentication modules, the system will arbitrarily pick one authentication module.
Level and scheme are the only conditions that can be defined for this policy.
This feature does not work across different DNS domains.
Once both the Access Manager and a policy agent have been installed, resource-based authentication can be configured. To do this, it is necessary to point Access Manager to the Gateway servlet.
AMAgent.properties can be found (in a Solaris environment) in /etc/opt//SUNWam/agents/config/ .
Comment out the following line:
#com.sun.am.policy.am.loginURL = http://AccessManager_server_host.domain_name:port/amserver/UI/Login
Add the following line to the file:
com.sun.am.policy.am.loginURL = http://AccessManager_host.domain_name:port/amserver/gateway
The gateway servlet is developed using the Policy Evaluation APIs and can be used to write a custom mechanism to accomplish resource-based authentication. See Chapter 6, Using the Policy APIs, in the Sun Java System Access Manager 7 2005Q4 Developer's Guide.
Restart the agent.
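The edit to AMAgent.properties described above can be scripted so that it is repeatable and leaves exactly one active loginURL line. The following is an added example, not part of the Access Manager documentation; the function names are hypothetical and the gateway URL is supplied by the caller.

```shell
#!/bin/sh
# Added example: apply the loginURL change from the steps above.
# Function names are hypothetical, not part of Access Manager or the agent.
KEY='com.sun.am.policy.am.loginURL'

# point_agent_at_gateway FILE GATEWAY_URL
# Comments out every active loginURL line that is not GATEWAY_URL and leaves
# exactly one active line that sets loginURL to GATEWAY_URL. Safe to re-run.
point_agent_at_gateway() {
    props=$1
    gateway=$2
    [ -f "$props" ] || { echo "no such file: $props" >&2; return 1; }
    case $gateway in
        */amserver/gateway) ;;
        *) echo "not a gateway servlet URL: $gateway" >&2; return 1 ;;
    esac
    tmp="$props.new.$$"
    cp -p "$props" "$props.bak" || return 1   # copy to roll back to
    awk -v key="$KEY" -v gw="$gateway" '
        # Active (uncommented) loginURL line: isolate its value and compare.
        $0 ~ ("^[ \t]*" key "[ \t]*=") {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (val == gw && !seen) { seen = 1; print; next }
            print "#" $0; next                # old Login URL or a duplicate
        }
        { print }
        END { if (!seen) print key " = " gw }
    ' "$props" > "$tmp" && cat "$tmp" > "$props"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# active_login_urls FILE: print the value of each uncommented loginURL line.
active_login_urls() {
    sed -n "s/^[[:space:]]*$KEY[[:space:]]*=[[:space:]]*//p" "$1"
}

# Stand-alone use: script.sh /path/to/AMAgent.properties GATEWAY_URL
if [ $# -eq 2 ]; then
    point_agent_at_gateway "$1" "$2" && active_login_urls "$1"
fi
```

After the change, active_login_urls should print only the gateway URL; the agent still has to be restarted as in the last step.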