Sun Identity Manager Deployment Guide

Procedure: To Enable Pass-Through Authentication on a Resource Type

  1. Ensure that the adapter’s getFeatures() method returns ResourceAdapter.ACCOUNT_LOGIN as a supported feature.

    • If your custom adapter overrides the ResourceAdapterBase implementation, add the following code.


      public GenericObject getFeatures() {
          // Start from the base feature set, which already includes ACCOUNT_LOGIN.
          GenericObject genObj = super.getFeatures();
          genObj.put(Features.ACCOUNT_RENAME, Features.ACCOUNT_RENAME);
          // ... other features supported by this Resource Adapter ...
          return genObj;
      }
    • If your custom adapter does not override getFeatures(), it inherits the implementation in the ResourceAdapterBase class, which exports ACCOUNT_LOGIN by default.

  2. Add the <LoginConfigEntry> element to the adapter’s prototypeXML.

  3. Implement the adapter’s authenticate() method.

    The authenticate() method authenticates the user against the resource by using the authentication property name/value pairs provided in the loginInfo map. If authentication succeeds, be sure that the authenticated unique ID is returned in the WavesetResult by adding a result as follows:


    result.addResult(Constants.AUTHENTICATED_IDENTITY, accountID);

    If authentication succeeds but the user’s password has expired, add the password expired indicator to the result in addition to the identity added above. This ensures that the user is forced to change their password on at least that resource at the next login to Identity Manager.


    result.addResult(Constants.RESOURCE_PASSWORD_EXPIRED, Boolean.TRUE);

    If authentication fails (because the user name or password is invalid), then:


    throw new WavesetException("Authentication failed for " + uid + ".");
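
    The three outcomes of step 3 combined into one authenticate() body, as an added example that is not from the original guide or the product's code. The Map-based signature, the "user" and "password" property names, the in-memory account table, and the stand-in WavesetResult, WavesetException and Constants classes (with placeholder constant values) are assumptions, made so that the file compiles without the product libraries.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

class ExampleAdapter {
    // Constructed sample accounts standing in for the managed resource:
    // accountID -> { password, password-expired flag }.
    static final Map<String, Object[]> ACCOUNTS = new HashMap<>();
    static {
        ACCOUNTS.put("jdoe", new Object[] {"old-Passw0rd", Boolean.TRUE});
        ACCOUNTS.put("asmith", new Object[] {"c0rrect-horse", Boolean.FALSE});
    }

    // "user" and "password" are hypothetical loginInfo property names.
    WavesetResult authenticate(Map<String, String> loginInfo) throws WavesetException {
        String uid = loginInfo.get("user");
        String supplied = loginInfo.get("password");
        Object[] account = (uid == null) ? null : ACCOUNTS.get(uid);
        // Unknown users are compared against an empty value so both failure
        // paths do the same work; isEqual does not stop at the first mismatch.
        String expected = (account == null) ? "" : (String) account[0];
        boolean match = supplied != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
        if (account == null || !match) {
            // One message for unknown user and wrong password; no password in it.
            throw new WavesetException("Authentication failed for " + uid + ".");
        }
        WavesetResult result = new WavesetResult();
        result.addResult(Constants.AUTHENTICATED_IDENTITY, uid);
        if ((Boolean) account[1]) {
            // Login succeeds, but the caller is told to force a password change.
            result.addResult(Constants.RESOURCE_PASSWORD_EXPIRED, Boolean.TRUE);
        }
        return result;
    }
}

// Stand-ins (assumptions) for the product classes named in the procedure.
class WavesetException extends Exception { WavesetException(String m) { super(m); } }
class Constants {
    static final String AUTHENTICATED_IDENTITY = "authenticatedIdentity";      // placeholder
    static final String RESOURCE_PASSWORD_EXPIRED = "resourcePasswordExpired"; // placeholder
}
class WavesetResult {
    final Map<String, Object> results = new HashMap<>();
    void addResult(String name, Object value) { results.put(name, value); }
}
```

    In a real adapter the account lookup is replaced by the call that checks the credentials against the resource itself; the result handling and the single failure message stay the same.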