Sun Java System Access Manager 7.1 Developer's Guide

How the Authentication Java APIs Work

External Java applications can authenticate users with the Access Manager Authentication Service by using the Authentication Java APIs. The APIs are organized in a package called com.sun.identity.authentication and can be executed locally or remotely. The classes and methods defined in this package are used to initiate the authentication process and communicate authentication credentials to the specific modules within the Authentication Service. The classes and methods can be incorporated into a Java application to allow communication with the Authentication Service.

The first step necessary for an external Java application to authenticate to Access Manager is to create a new AuthContext object (com.sun.identity.authentication.AuthContext). The AuthContext class is defined for each authentication request as it initiates the authentication process. Since Access Manager can handle multiple organizations, AuthContext is initialized, at the least, with the name of the organization to which the requestor is authenticating. Once an AuthContext object has been created, the login() method is called indicating to the server what method of authentication is desired.

IndexName is the value of the authentication type passed to login(). The following table summarizes IndexName values and their corresponding authentication types.

Table 2–1 IndexName Values

IndexName Value                            Authentication Type
AuthContext.IndexType.ROLE                 Role-based
AuthContext.IndexType.SERVICE              Service-based
AuthContext.IndexType.USER                 User-based
AuthContext.IndexType.LEVEL                Authentication Level-based
AuthContext.IndexType.MODULE_INSTANCE      Module-based

The getRequirements() method then returns the callback objects that must be populated with the user's credentials. Depending on the parameters passed with the instantiated AuthContext object and the two method calls, Access Manager responds to the client request with the correct login requirement screens. For example, if the requested user is authenticating to an organization configured for LDAP authentication only, the server will respond with the LDAP login requirement screen to supply a user name and a password. The client must then loop by calling the hasMoreRequirements() method until the required credentials have been entered. Once entered, the credentials are submitted back to the server with the method call submitRequirements(). The final step is for the client to make a getStatus() method call to determine if the authentication was successful. If successful, the caller obtains a session token for the user; if not, a LoginException is thrown.
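The sequence above (create AuthContext, call login(), loop on hasMoreRequirements()/getRequirements()/submitRequirements(), then check getStatus()), shown as an added example that is not taken from the guide. The organization name "dc=example,dc=com", the module instance name "LDAP" and the credential values are constructed placeholders; the callbacks are the standard JAAS NameCallback and PasswordCallback that the LDAP module presents.

```java
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.iplanet.sso.SSOToken;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import java.util.Arrays;

public class LdapLoginExample {

    // Authenticates to the given organization via the named module instance.
    // Returns the session token on success; throws on failure so that a
    // failed login can never be mistaken for a successful one.
    public static SSOToken login(String orgName, String moduleInstance,
                                 String user, char[] password) throws Exception {
        // AuthContext is created per authentication request, scoped to an org.
        AuthContext ac = new AuthContext(orgName);
        // Module-based login: IndexType selects the type, the name selects the module.
        ac.login(AuthContext.IndexType.MODULE_INSTANCE, moduleInstance);

        // Keep fetching requirement screens until the server has everything.
        while (ac.hasMoreRequirements()) {
            Callback[] callbacks = ac.getRequirements();
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                }
                // Any other callback type is left untouched here; a real client
                // would handle it or abort rather than submit partial answers.
            }
            ac.submitRequirements(callbacks);
        }

        // Do not keep the cleartext password in memory longer than needed.
        Arrays.fill(password, '\0');

        if (ac.getStatus() == AuthContext.Status.SUCCESS) {
            return ac.getSSOToken();
        }
        // Surface the module's own exception when it provides one.
        AuthLoginException cause = ac.getLoginException();
        throw new SecurityException("authentication failed for " + user, cause);
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder values; replace with real org and credentials.
        SSOToken token = login("dc=example,dc=com", "LDAP", "alice", "s3cret".toCharArray());
        System.out.println("authenticated principal: " + token.getPrincipal().getName());
    }
}
```

Because getStatus() is the only authoritative signal, the example refuses to return a token for any status other than SUCCESS rather than inferring success from the loop ending.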

Because the Authentication Service is built on the JAAS framework, the Authentication API can also invoke any authentication modules written purely with the JAAS API.

For detailed information about Java APIs for authentication, see the Javadoc in the following directory:

AccessManager-base/SUNWam/docs