Using P-Asserted Identity Authentication
P-asserted identity authentication is based on RFC 3325 and JSR 289. Using P-asserted identity authentication in a SIP or converged web/SIP application involves the following tasks, the first two of which are the same as for identity authentication:
Configuring a Trust
You can create a P-asserted identity trust configuration in one of these ways:
-
In the Admin Console, open the Security component under the relevant configuration and go to the Trust Configurations page. For details, click the Help button in the Admin Console.
-
Use the asadmin create-trust-config command to create trust configurations on local servers. For details, see the Sun GlassFish Communications Server 2.0 Reference Manual.
The default trust handler trusts all hosts and maps the P-Asserted-Identity header values to a format suitable for use in authentication and authorization tasks. For example, Cullen Jennings is mapped to CullenJ. To create a custom trust handler, see Creating a Custom Trust Handler for P-Asserted Identity Authentication.
Configuring sun-sip.xml for P-Asserted Identity Authentication
Set the following properties in the sun-sip.xml file:
-
trust-auth-realm-ref — Refers to the jdbcRealm that has assertedRealm as its JAAS context value. See Configuring a Realm for Identity Authentication.
-
trust-id-ref — Refers to the name of the trust configuration. See Configuring a Trust.
For example:
<sun-sip-app>
...
<property name="trust-auth-realm-ref" value="MyAssertedAppRealm" />
<property name="trust-id-ref" value="MyTrustConfig" />
</sun-sip-app>
- © 2010, Oracle Corporation and/or its affiliates