Sun OpenSSO Enterprise 8.0 Technical Overview

Authentication Service Programming Interfaces

OpenSSO Enterprise provides both Java APIs and C APIs for writing authentication clients that remote applications can use to gain access to the Authenticate Service. Communication between the APIs and the Authentication Service occurs by sending XML messages over HTTP(S). The Java and C APIs support all authentication types supported by the browser-based user interface. Clients other than Java and C clients can use the XML/HTTP interface directly to initiate an authentication request. Additionally, you can add custom authentication modules to OpenSSO Enterprise by using the service provider interface (SPI) package, com.iplanet.authentication.spi. This SPI implements the JAAS LoginModule, and provides additional methods to access the Authentication Service and module configuration properties files. Because of this architecture, any custom JAAS authentication module will work within the Authentication Service. For more information, see Chapter 1, Using the Authentication Service API and SPI, in Sun OpenSSO Enterprise 8.0 Developer’s Guide and Sun OpenSSO Enterprise 8.0 Java API Reference.

OpenSSO Enterprise also provides a Client SDK that can implement authentication logic on a remote web server or application server. For information, see Chapter 14, Using the Client SDK, in Sun OpenSSO Enterprise 8.0 Developer’s Guide.