
Sun ONE Identity Server Customization and API Guide

Chapter 11
Client Detection Service

The Sun ONE Identity Server Authentication Service can be accessed from many client types, whether they are HTML-based, WML-based or use other protocols. For this to work, Identity Server must be able to identify the client type. The Client Detection Service is used for this purpose. This chapter describes the service and how it can be used to recognize the client type. It contains the following sections:


The Identity Server Authentication Service has the capability to process requests from multiple browser type clients. Thus, the service can be used to authenticate users attempting to access applications based in HTML, WML or other protocols.


The Identity Server console, however, cannot be accessed from any client type except HTML.

The client detection API can be used to determine the protocol of the requesting client browser and retrieve the correctly formatted pages for the particular client type.


Out of the box, Identity Server only defines client data for supported HTML client browsers. A list of supported browsers can be found in Chapter 1, "Introduction" under the section "Client Browser Support".

Client Detection Process

Since any user requesting access to Identity Server must first be successfully authenticated, browser type client detection is accomplished within the Authentication Service. When a client’s request is passed to Identity Server, it is directed to the Authentication Service. Within this service, the first step in user validation is to identify the browser type using the User-Agent field stored in the HTTP request.


The User-Agent field contains product tokens, which carry information about the browser type client originating the HTTP request. The tokens are a standard way for communicating applications to identify themselves. The format is software/version library/version.

The User-Agent information is then matched to browser type data defined and stored in the amClientData.xml file.


User-Agent information is defined in amClientData.xml but this information is stored in Directory Server under Client Detection Service.

Based on this Client Data, correctly formatted browser pages are sent back to the client for authentication (for example, HTML or WML pages). Once the user is validated, the client type is added to the session token (as the key clientType) where it can be retrieved and used by other Identity Server services. (If there is no matching client data, the default type is returned.)


The userAgent must be a part of the client data configured for all browser type clients. It can be a partial string or the exact product token.
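The matching step described in this section, as an added example (not Identity Server code; the class, method and sample client names are hypothetical). It assumes case-insensitive substring matching and that the longest configured userAgent string wins when several match; the page specifies neither.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

/** Added illustration; not Identity Server code. Names are hypothetical. */
public class ClientTypeMatcher {
    static final String DEFAULT_TYPE = "genericHTML"; // default type named on this page
    static final int MAX_UA_LENGTH = 512;             // assumption: bound the header size

    // clientType -> configured userAgent string (partial string or exact product token)
    private final Map<String, String> clientData = new LinkedHashMap<>();

    void define(String clientType, String userAgent) {
        clientData.put(clientType, userAgent);
    }

    /** Returns the client type whose userAgent string occurs in the header. */
    String detect(String userAgentHeader) {
        // A missing, empty or oversized header falls back to the default type.
        if (userAgentHeader == null || userAgentHeader.isEmpty()
                || userAgentHeader.length() > MAX_UA_LENGTH) {
            return DEFAULT_TYPE;
        }
        String header = userAgentHeader.toLowerCase(Locale.ROOT);
        String best = DEFAULT_TYPE;
        int bestLen = 0;
        for (Map.Entry<String, String> e : clientData.entrySet()) {
            String ua = e.getValue().toLowerCase(Locale.ROOT);
            // Assumption: the longest configured string wins when several match.
            if (!ua.isEmpty() && header.contains(ua) && ua.length() > bestLen) {
                best = e.getKey();
                bestLen = ua.length();
            }
        }
        return best;
    }

    public static void main(String[] args) {
        ClientTypeMatcher m = new ClientTypeMatcher();
        m.define("genericHTML", "Mozilla/4.0");   // constructed client data
        m.define("sampleWML", "SamplePhone");     // hypothetical WML device
        String[] samples = {                      // constructed request headers
            "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
            "SamplePhone/1.0 UP.Browser/4.1",
            "curl/7.0", null };
        for (String ua : samples) {
            Map<String, String> session = new LinkedHashMap<>();
            session.put("clientType", m.detect(ua)); // session token key from this page
            System.out.println(ua + " -> " + session);
        }
    }
}
```

Because the User-Agent header is supplied by the client, the resulting clientType is suitable for choosing page formatting and should not be used as an input to access decisions.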

Enabling Client Detection

By default, the client detection capability is disabled; the client is then assumed to be of the genericHTML type (i.e. Identity Server will be accessed from an HTML browser). The preferred way to enable the Client Detection Service is to use the Identity Server console and select the option in the Client Detection Service itself. For more information, see the Sun ONE Identity Server Administration Guide. To enable client detection using amClientDetection.xml, the iplanet-am-client-detection-enabled attribute must be set to true. amClientDetection.xml must then be deleted from Directory Server and reloaded using amadmin. The following procedure illustrates the complete enabling process.

  1. Import the client data XML file using the amadmin command.

     /IdentityServer_base/SUNWam/bin/amadmin -u amadmin_DN -w amadmin_password -t name_of_XML_file

     This step is only necessary if the client data is not already defined in amClientData.xml. The XML file is based on "The sms.dtd Structure" of Chapter 6, "Service Management."

  2. Restart Identity Server.
  3. Log in to Identity Server console.
  4. Go to Service Configuration and click the Client Detection properties.
  5. Enable Client Detection.
  6. Make sure the imported data can be viewed with Identity Server console.

     Click on the Edit button next to the Client Data attribute.

  7. Create a directory for new client type and add customized JSPs.

     Create a new directory in /IdentityServer_base/SUNWam/web-apps/services/config/auth/default/ and add JSPs for the new client type. Code Example 11-1 is a login page written for a WML browser.

    Code Example 11-1  Login.jsp Written In WML

    <?xml version="1.0"?>
    <!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "">
    <!-- Copyright Sun Microsystems, Inc. All Rights Reserved -->
    <wml>
    <head>
    <meta http-equiv="Cache-Control" content="max-age=0"/>
    </head>
    <card id="authmenu" title="Username">
    <do type="accept" label="Enter">
    <!-- POST keeps the credentials out of the request URL -->
    <go method="post" href="/wireless">
    <postfield name="TOKEN0" value="$username"/>
    <postfield name="TOKEN1" value="$password"/>
    </go>
    </do>
    <p>
    Enter username:
    <input type="text" name="username"/>
    </p>
    <p>
    Enter password:
    <!-- type="password" masks the value as it is typed -->
    <input type="password" name="password"/>
    </p>
    </card>
    </wml>

Client Data

In order to detect client types, Identity Server needs to recognize their identifying characteristics. These characteristics identify the features of all supported types and are defined in the amClientData.xml service file. The full scope of client data available is defined as a schema in amClientData.xml. The configured Identity Server client data available for HTML-based browsers is defined as sub-configurations of the overall schema: genericHTML and its parent HTML.


Parent profiles (or styles, as they are referred to in the Identity Server console) are defined with properties that are common to their configured child devices. This allows the child devices to inherit the parent properties dynamically, making the device profiles easier to manage.


HTML is a base style containing properties common to HTML-based browsers. It might have several branches including web-based HTML (or genericHTML), cHTML (Compact HTML) and others. All configured devices for this style could inherit these properties which include:


genericHTML is a configured device that inherits properties from the HTML style as well as defining its own properties. It refers to an HTML browser (Netscape Navigator™, Microsoft® Internet Explorer, or Mozilla™). Its properties include:

Client Detection API

Identity Server is packaged with a Java API which can implement the client detection functionality. The client detection API are in a package called This package provides the interfaces and classes needed to retrieve client properties. The client detection procedure would include defining the client type characteristics (as stated in "Client Data") as well as implementing the client detection API within the external application.

The client detection capability is provided by ClientDetectionInterface, a pluggable interface (not an API invoked by a regular application). It provides a getClientType method. The getClientType method extracts the client data from the browser’s incoming HttpRequest, matches the user agent information and returns the ClientType as a string. Upon successful authentication, the client type is added to the user’s session token. The ClientDetectionException handles any error conditions.


Copyright 2003 Sun Microsystems, Inc. All rights reserved.