test

Sun Java System Access Manager 7 2005Q4 Administration Guide

Service-based Authentication Redirection URLs

Upon a successful or failed service-based authentication, Access Manager looks for information on where to redirect the user. Following is the order of precedence in which the application will look for this information.

Successful Service-based Authentication Redirection URLs

The redirection URL for successful service-based authentication is determined by checking the following places in the following order:

  1. A URL set by the authentication module.

  2. A URL set by a goto Login URL parameter.

  3. A URL set in the clientType custom files for the iplanet-am-user-success-url attribute of the user’s profile ( amUser.xml).

  4. A URL set in the clientType custom files for the iplanet-am-auth-login-success-url attribute of the service to which the user has authenticated.

  5. A URL set in the clientType custom files for the iplanet-am-auth-login-success-url attribute of the user’s role entry.

  6. A URL set in the clientType custom files for the iplanet-am-auth-login-success-url attribute of the user’s realm entry.

  7. A URL set in the clientType custom files for the iplanet-am-auth-login-success-url attribute as a global default.

  8. A URL set in the iplanet-am-user-success-url attribute of the user’s profile (amUser.xml).

  9. A URL set in the iplanet-am-auth-login-success-url attribute of the service to which the user has authenticated.

  10. A URL set in the iplanet-am-auth-login-success-url attribute of the user’s role entry.

  11. A URL set in the iplanet-am-auth-login-success-url attribute of the user’s realm entry.

  12. A URL set in the iplanet-am-auth-login-success-url attribute as a global default.

Failed Service-based Authentication Redirection URLs

The redirection URL for failed service-based authentication is determined by checking the following places in the following order:

  1. A URL set by the authentication module.

  2. A URL set by a goto Login URL parameter.

  3. A URL set in the clientType custom files for the iplanet-am-user-failure-url attribute of the user’s profile ( amUser.xml).

  4. A URL set in the clientType custom files for the iplanet-am-auth-login-failure-url attribute of the service to which the user has authenticated.

  5. A URL set in the clientType custom files for the iplanet-am-auth-login-failure-url attribute of the user’s role entry.

  6. A URL set in the clientType custom files for the iplanet-am-auth-login-failure-url attribute of the user’s realm entry.

  7. A URL set in the clientType custom files for the iplanet-am-auth-login-failure-url attribute as a global default.

  8. A URL set in the iplanet-am-user-failure-url attribute of the user’s profile (amUser.xml).

  9. A URL set in the iplanet-am-auth-login-failure-url attribute of the service to which the user has authenticated.

  10. A URL set in the iplanet-am-auth-login-failure-url attribute of the user’s role entry.

  11. A URL set in the iplanet-am-auth-login-failure-url attribute of the user’s realm entry.

  12. A URL set in the iplanet-am-auth-login-failure-url attribute as a global default.

ProcedureTo Configure Service-Based Authentication

Authentication modules are set for services after adding the Authentication Configuration service. To do so:

  1. Chose the realm to which you wish to configure service-based authentication.

  2. Click the Authentication tab.

  3. Create the authentication module instances.

  4. Create the authentication chains.

  5. Click Save.

  6. To access service-based authentication for the realm, enter the following address:

    http://server_name.domain_name:port/amserver/UI/Login?realm=realm_name&service=auth-chain-name