Login Configuration and Pass-Through Authentication
The <LoginConfigEntry> element specifies the name and type of login module as well as
the set of authentication properties required by this resource type to complete
successful user authentication.
The <LoginConfig> and <SupportedApplications> sections
of the adapter file specify whether the resource will be included in the options
list on the Login Module configuration pages. Do not change this section of
the file if you want the resource to appear in the options list.
Each <AuthnProperty> element contains the following attributes.
Table 10–11
<AuthnProperty> Element
Attributes
Attribute
|
Description
|
dataSource
|
Specifies the source for the value of this property. Data sources for
this property value include:
-
user (Default):
Value provided by the user at login time.
-
http attribute: Value provided
by the specified http session attribute.
-
http header: Value provided
by the specified http header.
-
http remote user: Value
provided by the http request’s remote user property.
-
http request: Value provided
by the specified http request parameter.
-
resource attribute (Active
Directory only): Value allows you to specify an extra authentication attribute
for the specific adapter. This attribute is only valid for the resource on
which it is defined, and it cannot be manipulated by the user.
-
x509 certificate: Value
is the X509 client certificate (only valid for requests made using https).
|
displayName
|
Specifies the value to use when this property is added as an HTML item
to the Login form.
|
doNotMap
|
Specifies whether to map to a LoginConfigEntry.
|
formFieldType
|
Specifies the data type that can be either text or password. This type is used to control whether data input in the
HTML field associated with this property is visible (text) or not (password)
|
isId
|
Specifies whether this property value should be mapped to the Waveset accountID. For
example, a property should not be mapped if the property value is an X509
certificate.
|
name
|
Identifies the internal authentication property name.
|
User management across forests is only possible when multiple gateways,
one for each forest, are deployed. In this case, you can configure the adapters
to use a predefined domain for authentication per adapter without requiring
the user to specify a domain as follows: