Sun Java System Access Manager 7.1 Developer's Guide

Implementing A Pure JAAS Module

A sample program demonstrates how to write a pure JAAS module that replays callbacks while authenticating through the Access Manager Authentication Client API. It authenticates a user by replaying the callbacks required by the Access Manager Authentication Module. You can modify this program to use other existing or customized Access Manager Authentication modules. This sample module can be plugged into any standard JAAS framework using the JAAS API.


Note –

For detailed information on JAAS, see the Sun Developer Documentation at the following URL: http://java.sun.com/products/jaas/. For detailed information on how to write a JAAS module, see the JAAS LoginModule Developer's Guide at the following URL:

http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html

Conventions Used in the Samples

Table 2–5 Default directories for Solaris Sparc/x86

| Variable | Description | Location |
|---|---|---|
| Config_Directory | Directory that contains configuration files | CONFIG_DIR = /etc/opt/SUNWam/config |
| Product_Directory | Directory where Access Manager is installed | PRODUCT_DIR = <install_root>/SUNWam |

Table 2–6 Default directories for Linux

| Variable | Description | Location |
|---|---|---|
| Config_Directory | Directory that contains configuration files | CONFIG_DIR = /etc/opt/sun/identity/config |
| Product_Directory | Directory where Access Manager is installed | PRODUCT_DIR = <install_root>/sun/identity |

Table 2–7 Default directories for Windows 2000

| Variable | Description | Location |
|---|---|---|
| Config_Directory | Directory that contains configuration files | CONFIG_DIR = <install_root>\lib |
| Product_Directory | Directory where Access Manager is installed | |

Procedure: To Run the Sample on Solaris Sparc/x86 or Linux

  1. In the Makefile, set the following variables:

    BASE: Enter the path to the directory where Access Manager is installed.

    JAVA_HOME: Enter the path to the directory where the Java compiler is installed.

    CONFIG: Enter the entry specified in the login configuration file. This entry is used for user authentication.

  2. Copy AMConfig.properties from <CONFIG_DIR> on the machine where the Access Manager server is installed to the client machine where the sample will be run.

  3. On the client machine, be sure the following are in your classpath:

    • am_services.jar

    • jaas.jar

    • jss3.jar

    • AMConfig.properties

      Include jaas.jar in your classpath if you are using a JDK version earlier than JDK 1.4.

  4. A sample configuration file purejaassample.config is provided for testing this sample.

    The file contains only one entry named Sample. Sample is the name to be entered for CONFIG in the Makefile:


    Sample {
        PureJAASSampleLoginModule required ORG_NAME="dc=iplanet,dc=com"
            INDEX_NAME="LDAP" debug=true;
    };

    The entry specifies that the LoginModule used for user authentication is PureJAASSampleLoginModule, and that this sample LoginModule must succeed for authentication to be considered successful. It passes two options: ORG_NAME, the organization name, and INDEX_NAME, the Access Manager authentication module against which this sample must authenticate.

    If you must use a different login configuration, modify the Makefile. For example, change the following:

    -Djava.security.auth.login.config=purejaassample.config

    to this:

    -Djava.security.auth.login.config=your_jaas_config_file.config
    
  5. To compile, run the gmake command.

  6. To run the sample program, run the gmake run command.
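The callback-replay flow that the Sample entry configures, sketched as an added example (this is not the PureJAASSampleLoginModule source shipped with Access Manager). ReplayLoginModule is a hypothetical class name; the sketch assumes the Access Manager client SDK (am_services.jar) is on the classpath and uses its com.sun.identity.authentication.AuthContext class.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import com.sun.identity.authentication.AuthContext;
public class ReplayLoginModule implements LoginModule { // hypothetical name, added example
    private Subject subject, amSubject;
    private CallbackHandler handler;
    private String orgName, indexName;
    private AuthContext ac;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
        orgName = (String) opts.get("ORG_NAME");      // options from the login configuration entry
        indexName = (String) opts.get("INDEX_NAME");
    }
    public boolean login() throws LoginException {
        if (handler == null || orgName == null || indexName == null)
            throw new LoginException("CallbackHandler, ORG_NAME and INDEX_NAME are required");
        try {
            ac = new AuthContext(orgName);
            ac.login(AuthContext.IndexType.MODULE_INSTANCE, indexName);
            while (ac.hasMoreRequirements()) {        // one iteration per round of server callbacks
                Callback[] cbs = ac.getRequirements();
                handler.handle(cbs);                  // the JAAS caller fills in name, password, ...
                ac.submitRequirements(cbs);           // replay the answers to Access Manager
            }
        } catch (Exception e) {                       // keep callback contents out of the message
            throw (LoginException) new LoginException("Callback exchange failed").initCause(e);
        }
        if (ac.getStatus() != AuthContext.Status.SUCCESS)   // fail closed on any other status
            throw new FailedLoginException("Access Manager rejected the login");
        return true;
    }
    public boolean commit() {
        if (ac == null || ac.getStatus() != AuthContext.Status.SUCCESS) return false;
        amSubject = ac.getSubject();                  // principals asserted by Access Manager
        if (amSubject != null) subject.getPrincipals().addAll(amSubject.getPrincipals());
        return true;
    }
    public boolean abort() throws LoginException { return logout(); }
    public boolean logout() throws LoginException {
        if (amSubject != null) subject.getPrincipals().removeAll(amSubject.getPrincipals());
        try {                                         // end the server-side session as well
            if (ac != null && ac.getStatus() == AuthContext.Status.SUCCESS) ac.logout();
        } catch (Exception e) { throw new LoginException("Access Manager logout failed"); }
        return true;
    }
}
```

A login configuration entry would name this class in place of PureJAASSampleLoginModule; any callback type the caller's CallbackHandler does not support ends the exchange with a LoginException rather than a partial login.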

Procedure: To Enable SSL

  1. In the sample client program, add this JVM property:

    -Djava.protocol.handler.pkgs=com.iplanet.services.comm

  2. In the AMConfig.properties file, edit the following properties:

    com.iplanet.am.admin.cli.certdb.dir: <PRODUCT_DIR>/servers/alias

    com.iplanet.am.admin.cli.certdb.prefix: https-machine1.com-machine1-

    com.iplanet.am.server.protocol: https

    com.iplanet.am.server.port: Enter the appropriate port on the server machine.

    In these values, machine1 is the host name of the server.

Procedure: To Run the Sample on Windows 2000

  1. In make.bat, set the following properties:

    BASE: Enter the path to the directory where Access Manager is installed.

    JAVA_HOME: Enter the path to the directory where the Java compiler is installed.

    CONFIG: Enter the entry which will be used for user authentication. This entry is specified in the login configuration file.

  2. Copy AMConfig.properties from <CONFIG_DIR> on the machine where the Access Manager server is installed to the client machine where this sample will be run.

  3. On the client machine, make sure the following are in your classpath:

    • am_services.jar

    • jaas.jar

    • jss3.jar

    • AMConfig.properties

      Include jaas.jar in your classpath if you are using a JDK version earlier than JDK 1.4.

  4. A sample configuration file purejaassample.config is provided for testing this sample.

    The file contains only one entry named Sample. Sample is the name to be entered for CONFIG in the Makefile.


    Sample {
        PureJAASSampleLoginModule required ORG_NAME="dc=iplanet,dc=com"
            INDEX_NAME="LDAP" debug=true;
    };

    The entry specifies that the LoginModule used for user authentication is PureJAASSampleLoginModule, and that this sample LoginModule must succeed for authentication to be considered successful. It passes two options: ORG_NAME, the organization name, and INDEX_NAME, the Access Manager authentication module against which this sample has to authenticate.

    If you must use a different login configuration, modify the Makefile. For example, change the following:

    -Djava.security.auth.login.config=purejaassample.config

    to this:

    -Djava.security.auth.login.config=your_jaas_config_file.config
    
  5. To compile, run the make command.

  6. To run the sample program, run the make run command.

Procedure: To Enable SSL

  1. In the sample client program, add this JVM property:

    -Djava.protocol.handler.pkgs=com.iplanet.services.comm

  2. Edit the following properties in the AMConfig.properties file:

    com.iplanet.am.admin.cli.certdb.dir: <install-dir>\SUN\IdentityServer6\Servers\alias

    com.iplanet.am.admin.cli.certdb.prefix: https-machine1.red.iplanet.com-machine1-

    com.iplanet.am.server.protocol: https

    com.iplanet.am.server.port: Enter the appropriate port on the server machine.

    In these values, machine1 is the host name of the server.

    For detailed information, see the Javadoc for Remote Client APIs. By default, Access Manager Javadoc is installed in the following directory:

    AccessManager-base/SUNWam/docs

    For detailed information on how to plug the Login Module into the standard JAAS Context, see the JAAS Reference Guide at the following URL:

    http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html