test

Sun Java System Access Manager 7 2005Q4 Administration Guide

User-based Authentication Redirection URLs

Upon a successful or failed user-based authentication, Access Manager looks for information on where to redirect the user. Following is the order of precedence in which the application will look for this information.

Successful User-based Authentication Redirection URLs

The redirection URL for successful user-based authentication is determined by checking the following places in order of precedence:

  1. A URL set by the authentication module.

  2. A URL set by a goto Login URL parameter.

  3. A URL set in the clientType custom files for the iplanet-am-user-success-url attribute of the user’s profile ( amUser.xml).

  4. A URL set in the clientType custom files for the iplanet-am-auth-login-success-url attribute of the user’s role entry.

  5. A URL set in the clientType custom files for the iplanet-am-auth-login-success-url attribute of the user’s realm entry.

  6. A URL set in the clientType custom files for the iplanet-am-auth-login-success-url attribute as a global default.

  7. A URL set in the iplanet-am-user-success-url attribute of the user’s profile (amUser.xml).

  8. A URL set in the iplanet-am-auth-login-success-url attribute of the user’s role entry.

  9. A URL set in the iplanet-am-auth-login-success-url attribute of the user’s realm entry.

  10. A URL set in the iplanet-am-auth-login-success-url attribute as a global default.

Failed User-based Authentication Redirection URLs

The redirection URL for failed user-based authentication is determined by checking the following places in the following order:

  1. A URL set by the authentication module.

  2. A URL set by a gotoOnFail Login URL parameter.

  3. A URL set in the clientType custom files for the iplanet-am-user-failure-url attribute of the user’s entry ( amUser.xml).

  4. A URL set in the clientType custom files for the iplanet-am-auth-login-failure-url attribute of the user’s role entry.

  5. A URL set in the clientType custom files for the iplanet-am-auth-login-failure-url attribute of the user’s realm entry.

  6. A URL set in the clientType custom files for the iplanet-am-auth-login-failure-url attribute as a global default.

  7. A URL set for the iplanet-am-user-failure-url attribute in the user’s entry (amUser.xml).

  8. A URL set for the iplanet-am-auth-login-failure-url attribute of the user’s role entry.

  9. A URL set for the iplanet-am-auth-login-failure-url attribute of the user’s realm entry.

  10. A URL set for the iplanet-am-auth-login-failure-url attribute as the global default.

ProcedureTo Configure User-Based Authentication

  1. Navigate to the realm in which you wish to configure authentication for the user.

  2. Click the Subjects tab and click Users.

  3. Click the name of the user you wish to modify

    The User Profile is displayed.

    Note –

    If you are creating a new user, the Authentication Configuration service is not automatically assigned to the user. Make sure that you select the Authentication Configuration service option in the Service profile before you create the user. If this option is not selected, the user will not inherit the authentication configuration defined at for the role.

  4. In the User Authentication Configuration attribute, select the authentication chain you wish to apply.

  5. Click Save.