Applications written in a programming language other than Java or C can exchange authentication information with Access Manager using the XML/HTTP(s) interface. Using the URL http://server_name.domain_name:port/service_deploy_uri/authservice, an application can open a connection using the HTTP POST method and exchange XML messages with the Authentication Service. The structure of the XML messages is defined in remote-auth.dtd. In order to access the Authentication Service in this manner, the client application must contain the following:
A means of producing valid XML compliant with the remote-auth.dtd.
HTTP 1.1 compliant client implementation to send XML-configured information to Access Manager.
HTTP 1.1 compliant server implementation to receive XML-configured information from Access Manager.
An XML parser to interpret the data received from Access Manager.
The following code examples illustrate how customers might configure the XML messages posted to the Authentication Service.
Although the client application need only write XML based on the remote-auth.dtd, when these messages are sent they include additional XML code produced by the Authentication API. This additional XML code is not illustrated in the following examples.
The following example illustrates the initial XML message sent to the Access Manager. It opens a connection and asks for authentication requirements regarding the exampleorg organization to which the user will log in.
<?xml version="1.0" encoding="UTF-8"?>
<AuthContext version="1.0">
  <Request authIdentifier="0">
    <Login orgName="dc=red,dc=iplanet,dc=com">
      <IndexTypeNamePair indexType="moduleInstance">
        <IndexName>LDAP</IndexName>
      </IndexTypeNamePair>
    </Login>
  </Request>
</AuthContext>
The following example illustrates the successful response from Access Manager that contains the authIdentifier, the session identifier for the initial request.
<?xml version="1.0" encoding="UTF-8"?>
<AuthContext version="1.0">
  <Response authIdentifier="AQIC5wM2LY4SfczGP8Kp9cqcaN1uW+C7CMdeR2afoN1ZxwY=@AAJTSQACMDE=#">
    <GetRequirements>
      <Callbacks length="3">
        <PagePropertiesCallback isErrorState="false">
          <ModuleName>LDAP</ModuleName>
          <HeaderValue>This server uses LDAP Authentication</HeaderValue>
          <ImageName></ImageName>
          <PageTimeOutValue>120</PageTimeOutValue>
          <TemplateName></TemplateName>
          <PageState>1</PageState>
        </PagePropertiesCallback>
        <NameCallback>
          <Prompt> User Name: </Prompt>
        </NameCallback>
        <PasswordCallback echoPassword="false">
          <Prompt> Password: </Prompt>
        </PasswordCallback>
      </Callbacks>
    </GetRequirements>
  </Response>
</AuthContext>
The following example illustrates the client response message back to Access Manager. It specifies the type of authentication module needed by the user to log in.
<?xml version="1.0" encoding="UTF-8"?>
<AuthContext version="1.0">
  <Request authIdentifier="AQIC5wM2LY4SfczGP8Kp9cqcaN1uW+C7CMdeR2afoN1ZxwY=@AAJTSQACMDE=#">
    <SubmitRequirements>
      <Callbacks length="2">
        <NameCallback>
          <Prompt>User Name:</Prompt>
          <Value>amadmin</Value>
        </NameCallback>
        <PasswordCallback echoPassword="false">
          <Prompt>Password:</Prompt>
          <Value>admin123</Value>
        </PasswordCallback>
      </Callbacks>
    </SubmitRequirements>
  </Request>
</AuthContext>
The following example illustrates the return message from Access Manager which specifies the authentication module’s login requirements.
<?xml version="1.0" encoding="UTF-8"?>
<AuthContext version="1.0">
  <Response authIdentifier="AQIC5wM2LY4SfczGP8Kp9cqcaN1uW+C7CMdeR2afoN1ZxwY=@AAJTSQACMDE=#">
    <LoginStatus status="success" ssoToken="AQIC5wM2LY4SfczGP8Kp9cqcaN1uW+C7CMdeR2afoN1ZxwY=@AAJTSQACMDE=#" successURL="http://blitz.red.iplanet.com/amserver/console">
      <Subject>AQICOIy3FdTlJoAiOyyyZRTjOVBVWAb2e5MOAizI7ky3raaKypFE3e+GGZuX6chvLgDO32Zugn pijo4xW4wUzyh2OAcdO9r9zhMU2Nhm206IuAmz9m18JWaYJpSHLqtBEcf1GbDrm3VAkERzIqsvkLKHmS1qc yaT3BJ87wH0YQnPDze4/BroBZ8N5G3mPzPz5RbE07/1/w02yH9w0+UUFwwNBLayywGsr3bJ6emSSYqxos1N 1bo98xqL4FKAzItsfUAMd6v0ylWoqkoyoSdKYNHKbqvLDIeAfhqgoldxt64Or6HMXnOxz/jiVauh2mmwBpH q1H2mOeF3agfUfuzKxBpLfELLwCH6QWcJmOZl0eNCFkGl7VwfnCJpTx1WcUhPSg0xD26D3dCQNruJpHPgzZ FThe55M2gQ2qX+I1klmvzghSqiYfyoGg2SFeBeHE7iHuujO0e6UZgKDrOQPjU9aDh1GxxnsMQmaNkjuW+up ghruWBGy+mDWmPQTme2bQWPIjBgB4wTDXTedeDzDBeulhCH4M0Ak9lvS7EIv6kHX5pRph6d0ND4/RVHka3k WcQ5e0w2HpPjOxzNrWMfyXTkQJwOrA8yh1eBjG04VwiVqDV4wAV5EsIsIt0TrtAW2VZwV/KtLcGmjaKaT0H dwRy0M4DHEqDbc6jF5ItVo9NneGFXMswPIoLm2nLuMrteAt7AtK7FGuCHlfYLavKoROtjaSuYTJGFwgz8Oi vZ2r9boVnWVlz7ehwlyHvdfmpSKVl76Y4qEclX25m+lddAZE92RgSIrg97fp9gBOk2gVJWoQORNRDV2siHr 26 RiPLdvW3foG0hZgpLimJuLdByThRd/tdknDCCNRzelv7khr6nLPVPFVBgEJWlHmuffkdz4OsL0omFWpi Jq05sQCPs/q6rq9ZJ98a8mcFK10BVPQki/1VfkIbKAdO4eswsIMalYkglBqXT4ARVTWRCWRNMCTDlQitF3g T51AHn1WioFPm+NZ2KagVjQR6JFxHbdW0bKN7cLQViArJJFRtktR1BJh31/K+dAM2P+KbT1Lq13UUvXCynS QwVbf7HJP5m3XrIQ6PtgZs4TB026H+iKy5T85YNL03j9sNnALiIKJEgvGLg2jxG+SU10xNLz3P3UVqmAnQI 9FIjmCtJcFtlLYR6BbkTvZVKxWz6+SoxNfDeKhIDwxkTNTLOzK491KzU/XAZTKmvdxTgf+WikbriBhFjsJ4 M6Npsq4p9Ksrjun9FVBTE/EUT5X/bY8zXLm0nw5KspQ7XRHPwrppQMVMMekz5qrNtQ9Cw/TeOhm4jvww/Bz j4rydi7s7D10s2BWMfcuxmwQEipAWNmraKL37wWskrCdAzO2HXH4iJjWimiJ6J</Subject>
    </LoginStatus>
  </Response>
</AuthContext>
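The exchange above from the client's side, as an added Python example that is not part of the Access Manager documentation or its API: it parses a response with DOCTYPE declarations refused, answers the callbacks while carrying the authIdentifier forward, and reads the ssoToken only on success. The function names and sample tokens are constructed for illustration, the message shapes are taken from the examples on this page rather than from remote-auth.dtd itself, and the HTTP POST is left out so the code runs offline.

```python
import xml.etree.ElementTree as ET

class NoDoctype(ET.TreeBuilder):
    """Tree builder that refuses any DOCTYPE, so no entities can be declared."""
    def doctype(self, name, pubid, system):
        raise ValueError("DOCTYPE not allowed in an AuthContext message")

def parse_message(text):
    return ET.fromstring(text, parser=ET.XMLParser(target=NoDoctype()))

def build_submit(response_xml, answers):
    """Answer a GetRequirements response; answers maps callback tag -> value."""
    resp = parse_message(response_xml).find("Response")
    wanted = [cb for cb in resp.find("GetRequirements/Callbacks")
              if cb.tag in answers]
    ctx = ET.Element("AuthContext", version="1.0")
    # The authIdentifier from the response ties this request to the same login.
    req = ET.SubElement(ctx, "Request", authIdentifier=resp.get("authIdentifier"))
    out = ET.SubElement(ET.SubElement(req, "SubmitRequirements"),
                        "Callbacks", length=str(len(wanted)))
    for cb in wanted:
        # Setting .text lets the serializer escape <, > and & in user input.
        ET.SubElement(cb, "Value").text = answers[cb.tag]
        out.append(cb)
    return ET.tostring(ctx, encoding="unicode")

def sso_token(response_xml):
    """Return the ssoToken only when LoginStatus reports success, else None."""
    status = parse_message(response_xml).find("Response/LoginStatus")
    if status is None or status.get("status") != "success":
        return None
    return status.get("ssoToken")

# Constructed sample messages, shortened from the shapes shown on this page.
REQUIREMENTS = """<?xml version="1.0" encoding="UTF-8"?>
<AuthContext version="1.0"><Response authIdentifier="EXAMPLE-AUTH-ID">
<GetRequirements><Callbacks length="3">
<PagePropertiesCallback isErrorState="false"><ModuleName>LDAP</ModuleName></PagePropertiesCallback>
<NameCallback><Prompt>User Name:</Prompt></NameCallback>
<PasswordCallback echoPassword="false"><Prompt>Password:</Prompt></PasswordCallback>
</Callbacks></GetRequirements></Response></AuthContext>"""
SUCCESS = """<AuthContext version="1.0"><Response authIdentifier="EXAMPLE-AUTH-ID">
<LoginStatus status="success" ssoToken="EXAMPLE-SSO-TOKEN"/></Response></AuthContext>"""
HOSTILE = '<!DOCTYPE AuthContext [<!ENTITY x "y">]><AuthContext version="1.0"/>'

if __name__ == "__main__":
    print(build_submit(REQUIREMENTS, {"NameCallback": "amadmin",
                                      "PasswordCallback": 'p&w</Value>"'}))
    print(sso_token(SUCCESS))
```

Building the request through the element tree rather than string concatenation is what keeps a password containing markup inside its single Value element.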