Implementing Authentication PostProcessing SPI

The Authentication SPI includes the AMPostAuthProcessInterface which can be implemented for post-processing tasks. The AMPostProcessInterface Javadoc are available at:

AccessManager-base/SUNWam/docs/com/sun/identity/authentication/spi/ AMPostAuthProcessInterface.html

The SPI is configurable at the organization, service and role levels. The Authentication Service invokes the post processing SPI methods on successful or failed authentication and on logout.

About the PostProcessing SPI Sample

<PRODUCT_DIR> or AccessManager-base directory on different Platforms:

• Solaris Sparc/x86: AccessManager-base/SUNWam

• Linux: AccessManager-base/sun/identity

To Compile the ISAuthPostProcessSample Program on Solaris Sparc/x86 or Linux

Follow these steps given below to compile the sample found under AccessManager-base/samples/authentication/spi/postprocess.

1. Set the following environment variables.

   JAVA_HOME: Set this variable to your installation of JDK. The JDK should be version 1.3.1_06 or higher.

   CLASSPATH: Set this variable to refer to am_services.jar which can be found in the AccessManager-base/lib directory. Include jaas.jar in your classpath if you are using JDK version lower than JDK1.4

   BASE_DIR: Set this variable to the directory where Access Manager is installed.

   BASE_CLASS_DIR: Set this variable to the directory where all the Sample compiled classes are located.

   JAR_DIR: Set this variable to the directory where the JAR files of the Sample compiled classes will be created.

   These variables will be used to run the gmake command. You can also set these variables in the Makefile. This Makefile is in the following directory: AccessManager-base/samples/authentication/spi/postprocess.

2. In the directory AccessManager-base /samples/authentication/spi/postprocess, run the gmake command.

To Deploy the ISAuthPostProcess Sample Program

1. Copy ISAuthPostProcess.jar from JAR_DIR to AccessManager-base/lib.

2. Update the Web Container configuration file server.xml.

   Add ISAuthPostProcessSample.jar to the classpath. The server.xml file for different web containers can be found at the following locations:

   Web Server: <WS-home-dir>/https-<WS-instance-name>/config/

   Application Server:<AS-home-dir>/domain/domain1/server1/config/

   For all other web containers consult, the manufacturer’s documentation.

3. Restart the web container.

   Web Server: <WS-home-dir>/https-<WS-instance-name>/restart

   Application Server: <AS-install-dir>/<domains>/<domain name>/<server instance>/bin/restartserv Example: /<AS-home-dir>/domains/domain1/server1/bin/restartserv

   For all other web containers consult their documentation.

Configuring the Authentication Post Processing SPI

The Authentication PostProcessing Sample can be configured at the Organization, Service or Role level.

To Configure ISAuthPostProcess Sample for an Organization

1. Log in to Access Manager console as amAdmin. Use the following URL:

   http://host.domain:port/Console-Deploy-URI

2. Click Identity Management, and select your organization.

3. From the View menu, click Services.

4. In the navigation frame, under Authentication, click Core.

5. Add the following to the Authentication PostProcessing Class attribute:

   com.iplanet.am.samples.authentication.spi.postprocess

6. Add the following to the Authentication PostProcessing Class attribute:

   ISAuthPostProcessSample

7. Click Save.

8. Log out.

9. Go to the following URL

   If you choose to use an organization other than the default, be sure to specify that in the URL using the org parameter.

   The postprocessing SPI will be executed on successful authentication, on failed authentication, and on Logout.

To Configure the ISAuthPostProcess Sample for a Service

1. Log in to Access Manager console as amAdmin. Use the following URL:

   http://<host>.<domain>:<port>/<Console-Deploy-URI>

2. Click Identity Management, and select your organization.

3. From the View menu, select Services.

4. Select Authentication Configuration

5. From the Service Instance frame, select New Instance.

6. Enter a name for the service.

7. Add the following to the Authentication PostProcessing Class attribute: com.iplanet.am.samples.authentication.spi.postprocess. ISAuthPostProcessSampl

8. Click Submit to save the changes.

9. Click Service Name and define the Authentication Configuration for the new service.

10. Log out.

11. Go to the following URL: http://host.domain:port/Service-Deploy-URI/UI/Login?service=servicename

    If you choose to use an organization other than the default, be sure to specify that in the URL using the org parameter.

    The postprocessing SPI will get executed on successful authentication, failed authentication and on Logout for the service accessed.

To Configure ISAuthPostProcess Sample for a Role

1. Log in to Access Manager console as amAdmin. Use the following URL:

   http://host.domain:port/Console-Deploy-URI

2. Click the Identity Management tab, and select your organization.

3. From the View menu, select Roles to view the role properties.

4. From the View menu, select Services.

5. Click Edit to edit the authentication configuration.

6. Add the following to the Authentication post Processing Class attribute:

   com.iplanet.am.samples.authentication.spi.postprocess. ISAuthPostProcessSample

7. Click Submit to save the changes.

8. Log out.

9. Go to the following URL:

   http://host.domain:port/Service-Deploy-URI/UI/Login?role=roleName

   If you choose to use an organization other than the default, be sure to specify that in the URL using the org parameter. Example: org=orgName

   The postprocessing SPI will be executed for the service accessed on successful authentication, on failed authentication, and on Logout.

Compiling On Windows 2000

Go to the base-directory\samples\authentication\spi\postprocess directory and run the make command.

To Deploy the ISAuthPostProcessSample Program

1. Copy ISAuthPostProcess.jar from JAR_DIR to base-directory\lib

2. In the Web Container from which this sample has to run, update the classpath with ISAuthPostProcess.jar.

3. Restart Access Manager.

   base-directory\bin\amserver start

To Configure Authentication Post Processing SPI

This sample can be can be set in the Core Authentication Service for Organization and Authentication Configuration Service for Role OR Service.

See the section Configuring the Authentication Post Processing SPI.