Sun Java System Access Manager 7.1 Developer's Guide

XML Files

XML files describe the authentication module-specific properties based on the Authentication Module Properties DTD file: AccessManager-base/SUNWam/Auth_Module_Properties.dtd. Access Manager defines required credentials and callback information for each of the default authentication modules. By default, Authentication XML files are installed in the following directory:

AccessManager-base/SUNWam/web-src/services/config/auth/default

The following table describes the authentication module configuration files.

XML files are looked up from the deployed location. In previous Access Manager versions, the XML files were looked up from the installed location.

Table 12–3 List of Authentication Module Configuration Files

| File Name | Purpose |
|---|---|
| AD.xml | Defines a Login screen for use with Active Directory authentication. |
| Anonymous.xml | For anonymous authentication, although there are no specific credentials required to authenticate. |
| Application.xml | Needed for application authentication. |
| Cert.xml | For certificate-based authentication, although there are no specific credentials required to authenticate. |
| HTTPBasic.xml | Defines one screen with a header only, as credentials are requested via the user's web browser. |
| JDBC.xml | Defines a Login screen for use with Java Database Connectivity (JDBC) authentication. |
| LDAP.xml | Defines a Login screen, a Change Password screen and two error message screens (Reset Password and User Inactive). |
| Membership.xml | Default data interface which can be used to customize for any domain. |
| MSISDN.xml | Defines a Login screen for use with Mobile Subscriber ISDN (MSISDN). |
| NT.xml | Defines a Login screen. |
| RADIUS.xml | Defines a Login screen and a RADIUS Password Challenge screen. |
| SafeWord.xml | Defines two Login screens: one for User Name and the next for Password. |
| SAML.xml | Defines a Login screen for Security Assertion Markup Language (SAML) authentication. |
| SecurID.xml | Defines five Login screens including UserID and Passcode, PIN mode, and Token Passcode. |
| Unix.xml | Defines a Login screen and an Expired Password screen. |

Callbacks Element

The Callbacks element is used to define the information a module needs to gather from the client requesting authentication. Each Callbacks element signifies a separate screen that can be called during the authentication process.

Nested Elements

The following table describes nested elements for the Callbacks element.

| Element | Required | Description |
|---|---|---|
| NameCallback | | Requests data from the user; for example, a user identification. |
| PasswordCallback | | Requests password data to be entered by the user. |
| ChoiceCallback | | Used when the application user must choose from multiple values. |
| ConfirmationCallback | | Sends button information, such as text which needs to be rendered on the module's screen, to the authentication interface. |
| HttpCallback | | Used by the authentication module with HTTP-based handshaking negotiation. |
| SAMLCallback | | Used for passing either a Web artifact or a SAML POST response from the SAML service to the SAML authentication module when this module requests the respective credentials. This authentication module behaves as the SAML recipient for both (Web artifact or SAML POST response) and retrieves and validates SAML assertions. |

Attributes

The following table describes attributes for the Callbacks element.

| Attribute | Description |
|---|---|
| length | The number or length of callbacks. |
| order | The sequence of the group of callbacks. |
| timeout | Number of seconds the user has to enter credentials before the page times out. Default is 60. |
| template | Defines the UI .jsp template name to be displayed. |
| image | Defines the UI or page-level image attributes for the UI customization. |
| header | Text header information to be displayed on the UI. Default is Authentication. |
| error | Indicates whether the authentication framework/module needs to terminate the authentication process. If yes, then the value is true. Default is false. |

ConfirmationCallback Element

The ConfirmationCallback element is used by the authentication module to send button information for multiple buttons. An example is the button text which must be rendered on the UI page. The ConfirmationCallback element also receives the selected button information from the UI.

Nested Element

ConfirmationCallback has one nested element named OptionValues. The OptionValues element provides a list or an array of button text information to be rendered on the UI page. OptionValues takes no attributes.

If there is only one button on the UI page, then the module is not required to send this callback. If ConfirmationCallback is not provided through the Authentication Module properties XML file, then anAuthUI.properties will be used to pick and display the button text or label for the Login button. anAuthUI.properties is the global UI i18n properties file for all modules.

Callbacks length value should be adjusted accordingly after addition of the new callback.

Example:

<ConfirmationCallback>
    <OptionValues>
        <OptionValue>
            <Value> <required button text> </Value>
        </OptionValue>
    </OptionValues>
</ConfirmationCallback>
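The length adjustment described above is easy to miss when a ConfirmationCallback is added to an existing screen. The following check is an added example, not part of the original guide or of Access Manager: it parses a module properties file and reports screens whose length attribute does not match the callbacks actually defined. It assumes that length counts the nested callback elements listed in the table; the ModuleProperties root, the Prompt children and the sample file contents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Nested callback elements listed in the table for the Callbacks element.
CALLBACK_TAGS = {"NameCallback", "PasswordCallback", "ChoiceCallback",
                 "ConfirmationCallback", "HttpCallback", "SAMLCallback"}
DEFAULT_TIMEOUT = 60  # seconds, the documented default

# Constructed sample: a ConfirmationCallback was added to the first screen
# but length was left at 2. The ModuleProperties root and Prompt children
# are assumptions about the surrounding file layout.
SAMPLE = """
<ModuleProperties moduleName="Sample" version="1.0">
  <Callbacks length="2" order="1" timeout="120" header="Sample Login">
    <NameCallback><Prompt>User Name:</Prompt></NameCallback>
    <PasswordCallback><Prompt>Password:</Prompt></PasswordCallback>
    <ConfirmationCallback>
      <OptionValues>
        <OptionValue><Value>Log In</Value></OptionValue>
      </OptionValues>
    </ConfirmationCallback>
  </Callbacks>
  <Callbacks length="0" order="2" error="true" header="Account locked"/>
</ModuleProperties>
"""

def lint_module_properties(xml_text):
    """Return a list of findings, one string per problem found."""
    findings = []
    seen_orders = set()
    for screen in ET.fromstring(xml_text).iter("Callbacks"):
        order = screen.get("order", "?")
        declared = int(screen.get("length", "0"))
        actual = sum(1 for child in screen if child.tag in CALLBACK_TAGS)
        if declared != actual:
            findings.append(f"order={order}: length={declared} but {actual} callbacks defined")
        if order in seen_orders:
            findings.append(f"order={order}: duplicate order value")
        seen_orders.add(order)
        timeout = int(screen.get("timeout", DEFAULT_TIMEOUT))
        if timeout <= 0:
            findings.append(f"order={order}: non-positive timeout {timeout}")
        for conf in screen.iter("ConfirmationCallback"):
            if not [v for v in conf.iter("Value") if (v.text or "").strip()]:
                findings.append(f"order={order}: ConfirmationCallback has no button text")
    return findings

if __name__ == "__main__":
    for finding in lint_module_properties(SAMPLE):
        print(finding)
```

Running the check against customized files in the deployed location before restarting the web container catches a stale length value before it reaches the login page.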