Access Manager provides a remote Authentication user interface component to enable secure, distributed authentication across two firewalls. You can install the remote authentication user interface component on any servlet-compliant web container within the non-secure layer of an Access Manager deployment. The remote component works with Authentication client APIs and authentication utility classes to authenticate web users. The remote component is customizable and uses a JATO presentation framework.
For detailed information on how Distributed Authentication works, see Distributed Authentication User Interface in Sun Java System Access Manager 7.1 Technical Overview and Chapter 11, Deploying a Distributed Authentication UI Server, in Sun Java System Access Manager 7.1 Postinstallation Guide.
Once the Distributed Authentication component is installed and deployed, you can modify the JSP templates and module configuration properties files to reflect branding and specific functionality for any of the following:
This is the organization or sub-organization of the request.
Locale of the request.
Client Type information of the request.
Service name for service-based authentication.
The Distributed Authentication User Interface package must already be installed. For detailed installation instructions, see Installing and Configuring a Distributed Authentication UI Server Using the Java ES Installer in Sun Java System Access Manager 7.1 Postinstallation Guide.
Explode the Distributed Authentication User Interface WAR.
At the command line, go to the directory where the default JSP templates are stored.
Example:
cd DistributedAuth-base/config/auth
where DistributedAuth-base is the directory where the Distributed Authentication User Interface package is exploded.
Create a new directory using the appropriate directory path based on the level of customization.
Use the following form:
org_locale/orgPath/filePath org/orgPath/filePath default_locale/orgPath/filePath default/orgPath/filePath
where:
orgPath = subOrg1/subOrg2 filePath = clientPath + serviceName clientPath = clientType/sub-clientType
The following are optional: Sub-org, Locale , Client Path , and Service Name . In the following example, orgPath and filePath are optional.
For example, given the following:
org = iplanet locale = en subOrg = solaris clientPath = html/nokia/ serviceName = paycheck
the appropriate directory paths for the above are:
iplanet_en/solaris/html/nokia/paycheck iplanet/solaris/html/nokia/paycheck default_en/solaris/html/nokia/paycheck default/solaris/html/nokia/paycheck
Copy all the JSP templates and authentication module configuration properties XML files from the default directory to the new directory.
cp DistributedAuth-base/config/auth/default/*.jsp DistributedAuth-base/config/auth/new_directory_path
cp DistributedAuth-base/config/auth/default/*.xml DistributedAuth-base/config/auth/new_directory_path
(Optional) Modify the files in the new directory to suit your needs.
For information about customizing the .jsp files, see Java Server Pages.
For information about customizing the .xml files, XML Files.
Create a new .WAR file named amauthdistui_deploy.war from DistributedAuth-base.
Deploy amauthdistui_deploy.war.
The web container administrator deploys the file in the remote web container.