XML files describe the authentication module-specific properties based on the Authentication Module Properties DTD file: AccessManager-base/SUNWam/Auth_Module_Properties.dtd. Access Manager defines required credentials and callback information for each of the default authentication modules. By default, Authentication XML files are installed in the following directory:

AccessManager-base/SUNWam/web-src/services/config/auth/default

The following table describes the authentication module configuration files.
XML files are looked up from the deployed location. In previous Access Manager versions, the XML files were looked up from the installed location.
Table 4–3 List of Authentication Module Configuration Files
| File Name | Purpose |
|---|---|
| AD.xml | Defines a Login screen for use with Active Directory authentication. |
| Anonymous.xml | For anonymous authentication, although there are no specific credentials required to authenticate. |
| Application.xml | Needed for application authentication. |
| Cert.xml | For certificate-based authentication, although there are no specific credentials required to authenticate. |
| HTTPBasic.xml | Defines one screen with a header only, as credentials are requested via the user’s web browser. |
| JDBC.xml | Defines a Login screen for use with Java Database Connectivity (JDBC) authentication. |
| LDAP.xml | Defines a Login screen, a Change Password screen and two error message screens (Reset Password and User Inactive). |
| Membership.xml | Default data interface which can be used to customize for any domain. |
| MSISDN.xml | Defines a Login screen for use with Mobile Subscriber ISDN (MSISDN). |
| NT.xml | Defines a Login screen. |
| RADIUS.xml | Defines a Login screen and a RADIUS Password Challenge screen. |
| SafeWord.xml | Defines two Login screens: one for User Name and the next for Password. |
| SAML.xml | Defines a Login screen for Security Assertion Markup Language (SAML) authentication. |
| SecurID.xml | Defines five Login screens including UserID and Passcode, PIN mode, and Token Passcode. |
| Unix.xml | Defines a Login screen and an Expired Password screen. |
The Callbacks element is used to define the information a module needs to gather from the client requesting authentication. Each Callbacks element signifies a separate screen that can be called during the authentication process.
The following table describes nested elements for the Callbacks element.
| Element | Required | Description |
|---|---|---|
| NameCallback | * | Requests data from the user; for example, a user identification. |
| PasswordCallback | * | Requests password data to be entered by the user. |
| ChoiceCallback | * | Used when the application user must choose from multiple values. |
| ConfirmationCallback | * | Sends button information, such as text which needs to be rendered on the module’s screen, to the authentication interface. |
| HttpCallback | * | Used by the authentication module with HTTP-based handshaking negotiation. |
| SAMLCallback | | Used for passing either a Web artifact or a SAML POST response from the SAML service to the SAML authentication module when this module requests the respective credentials. This authentication module behaves as a SAML recipient for both (Web artifact or SAML POST response) and retrieves and validates SAML assertions. |
The following table describes attributes for the Callbacks element.
The number or length of callbacks.
Is the sequence of the group of callbacks.
Number of seconds the user has to enter credentials before the page times out. Default is 60.
Defines the UI .jsp template name to be displayed.
Defines the UI or page-level image attributes for the UI customization.
Text header information to be displayed on the UI. Default is Authentication.
Indicates whether authentication framework/module needs to terminate the authentication process. If yes, then the value is true. Default is false.
The ConfirmationCallback element is used by the authentication module to send button information for multiple buttons. An example is the button text which must be rendered on the UI page. The ConfirmationCallback element also receives the selected button information from the UI.
ConfirmationCallback has one nested element named OptionValues. The OptionValues element provides a list or an array of button text information to be rendered on the UI page. OptionValues takes no attributes.
If there is only one button on the UI page, then the module is not required to send this callback. If ConfirmationCallback is not provided through the Authentication Module properties XML file, then anAuthUI.properties will be used to pick and display the button text or label for the Login button. anAuthUI.properties is the global UI i18n properties file for all modules.
The Callbacks length value should be adjusted accordingly after the new callback is added.
Example:
```xml
<ConfirmationCallback>
    <OptionValues>
        <OptionValue>
            <Value> <required button text> </Value>
        </OptionValue>
    </OptionValues>
</ConfirmationCallback>
```
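A customized module file can be checked for the length adjustment described above before it is deployed. The following lint is an added example, not part of Access Manager or the original page: it compares each Callbacks element's length attribute with the number of callback elements it contains and flags a ConfirmationCallback with no button text. It assumes length counts the direct child callbacks listed in the nested-elements table; the ModuleProperties root element and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Callback element names taken from the nested-elements table on this page.
CALLBACK_TAGS = {"NameCallback", "PasswordCallback", "ChoiceCallback",
                 "ConfirmationCallback", "HttpCallback", "SAMLCallback"}

def lint_callbacks(xml_text):
    """Return (screen_number, message) findings, one per problem found."""
    findings = []
    root = ET.fromstring(xml_text)
    for idx, screen in enumerate(root.iter("Callbacks"), start=1):
        # Assumption: length counts the callbacks that are direct children.
        children = [c for c in screen if c.tag in CALLBACK_TAGS]
        declared = screen.get("length")
        if declared is None or not declared.strip().isdigit():
            findings.append((idx, f"length missing or not a number: {declared!r}"))
        elif int(declared) != len(children):
            findings.append((idx, f"length={declared} but {len(children)} callbacks defined"))
        # A ConfirmationCallback must carry at least one non-empty button label.
        for cc in screen.findall("ConfirmationCallback"):
            labels = [v.text.strip() for v in cc.findall("OptionValues/OptionValue/Value")
                      if v.text and v.text.strip()]
            if not labels:
                findings.append((idx, "ConfirmationCallback has no button text"))
    return findings

# Constructed sample (root element name assumed), not a shipped Access Manager file.
# Screen 2 gained a ConfirmationCallback without its length being raised to 2.
SAMPLE = """<ModuleProperties>
  <Callbacks length="2">
    <NameCallback/>
    <PasswordCallback/>
  </Callbacks>
  <Callbacks length="1">
    <PasswordCallback/>
    <ConfirmationCallback>
      <OptionValues>
        <OptionValue><Value>Submit</Value></OptionValue>
        <OptionValue><Value>Cancel</Value></OptionValue>
      </OptionValues>
    </ConfirmationCallback>
  </Callbacks>
  <Callbacks length="1">
    <ConfirmationCallback><OptionValues/></ConfirmationCallback>
  </Callbacks>
</ModuleProperties>"""

if __name__ == "__main__":
    for screen, msg in lint_callbacks(SAMPLE):
        print(f"Callbacks #{screen}: {msg}")
```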