test

Sun Java System Access Manager 7 2005Q4 Administration Guide

ProcedureTo Create a New Authentication Chain

  1. Click the name of the realm for which you wish to add a new authentication chain.

  2. Select the Authentication tab.

  3. Click New in the Authentication Chaining list.

  4. Enter a name for the authentication chain.

  5. Click Create.

  6. Click Add to define the authentication module instance that you wish to include in the chain. To do so, select the module instance name from the Instance list. The module instance names displayed in this list are created in the Module Instances attribute.

  7. Select the criteria for the chain. These flags establish an enforcement criteria for the authentication module for which they are defined. There is hierarchy for enforcement. Required is the highest and Optional is the lowest:

    Requisite

    The module instance is required to succeed. If it succeeds, authentication continues down the Authentication Chaining list. If it fails, control immediately returns to the application (authentication does not proceed down the Authentication Chaining list).

    Required

    Authentication to this module is required to succeed. If any of the required modules in the chain fails, the whole authentication chain will ultimately fail. However, whether a required module succeeds or fails, the control will continue down to the next module in the chain.

    Sufficient

    The module instance is not required to succeed. If it does succeed, control immediately returns to the application (authentication does not proceed down the module instance list). If it fails, authentication continues down the Authentication Chaining list.

    Optional

    The module instance is not required to succeed. If it succeeds or fails, authentication still continues to proceed down the Authentication Chaining list.

  8. Enter options for the chain. This enables additional options for the module as a key=value pair. Multiple options are separated by a space.

  9. Define the following attributes:

    Successful Login URL

    Specifies the URL that the user will be redirected to upon successful authentication.

    Failed Login URL

    Specifies the URL that the user will be redirected to upon unsuccessful authentication.

    Authentication Post Processing Class

    Defines the name of the Java class used to customize the post authentication process after a login success or failure.

  10. Click Save.