Sun Java System Access Manager 7 2005Q4 Developer's Guide

Customizing the Distributed Authentication User Interface

Access Manager provides a remote Authentication user interface component to enable secure, distributed authentication across two firewalls. You can install the remote authentication user interface component on any servlet-compliant web container within the non-secure layer of an Access Manager deployment. The remote component works with Authentication client APIs and authentication utility classes to authenticate web users. The remote component is customizable and uses a JATO presentation framework.

For detailed information on how Distributed Authentication works, see Distributed Authentication User Interface Component in Sun Java System Access Manager 7 2005Q4 Technical Overview and User Authentication in Sun Java System Access Manager 7 2005Q4 Technical Overview.

Once the Distributed Authentication component is installed and deployed, you can modify the JSP templates and module configuration properties files to reflect branding and specific functionality for any of the following:


This is the organization or sub-organization of the request.


Locale of the request.

Client Path

Client Type information of the request.

Service Name (serviceName)

Service name for service-based authentication.

ProcedureTo Customize the Distributed Authentication User Interface

Before You Begin

The Distributed Authentication User Interface package must already be installed. For detailed installation instructions, see Installing and Customizing the Distributed Authentication Interface in Technical Note: Using Access Manager Distributed Authentication.

  1. Explode the Distributed Authentication User Interface WAR.

  2. At the command line, go to the directory where the default JSP templates are stored.


    cd DistributedAuth-base/config/auth

    where DistributedAuth-base is the directory where the Distributed Authentication User Interface package is exploded.

  3. Create a new directory using the appropriate directory path based on the level of customization.

    Use the following form:



    orgPath = subOrg1/subOrg2
            filePath = clientPath + serviceName
            clientPath = clientType/sub-clientType

    The following are optional: Sub-org, Locale , Client Path , and Service Name . In the following example, orgPath and filePath are optional.

    For example, given the following:

    org = iplanet
    locale = en
    subOrg = solaris
    clientPath = html/nokia/
    serviceName = paycheck

    the appropriate directory paths for the above are:

  4. Copy all the JSP templates and authentication module configuration properties XML files from the default directory to the new directory.

    cp DistributedAuth-base/config/auth/default/*.jsp  
    cp DistributedAuth-base/config/auth/default/*.xml 
  5. (Optional) Modify the files in the new directory to suit your needs.

    • For information about customizing the .jsp files, see Java Server Pages.

    • For information about customizing the .xml files, XML Files.

  6. Create a new .WAR file named amauthdistui_deploy.war from DistributedAuth-base.

  7. Deploy amauthdistui_deploy.war.

    The web container administrator deploys the file in the remote web container.