A sample program demonstrates how to write a pure JAAS module that replays callbacks by authenticating through the Access Manager Authentication Client API. It authenticates a user by replaying the callbacks required by the Access Manager Authentication Module. You can modify this program to use other existing or customized Access Manager authentication modules. This sample module can be plugged into any standard JAAS framework using the JAAS API.
For detailed information on JAAS, see the Sun Developer Documentation at the following URL: http://java.sun.com/products/jaas/. For detailed information on how to write a JAAS module, see the JAAS LoginModule Developer’s Guide at the following URL:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html
Variable | Description | Location |
---|---|---|
Config_Directory | Directory that contains configuration files | CONFIG_DIR = /etc/opt/SUNWam/config |
Product_Directory | Directory where Access Manager is installed. | PRODUCT_DIR = <install_root>/SUNWam |
Table 2–6 Default directories for Linux
Variable | Description | Location |
---|---|---|
Config_Directory | Directory that contains configuration files | CONFIG_DIR = /etc/opt/sun/identity/config |
Product_Directory | Directory where Access Manager is installed. | PRODUCT_DIR = <install_root>/sun/identity |
Table 2–7 Default directories for Windows 2000
Variable | Description | Location |
---|---|---|
Config_Directory | Directory that contains configuration files | CONFIG_DIR = <install_root>\lib |
Product_Directory | Directory where Access Manager is installed. | |
In the Makefile, set the following variables:
BASE: Enter the path to the directory where Access Manager is installed.
JAVA_HOME: Enter the path to the directory where the Java compiler is installed.
CONFIG: Enter the entry specified in the login configuration file. This entry is used to perform the user authentication.
Copy AMConfig.properties from <CONFIG_DIR> on the machine where the Access Manager server is installed to the client machine where the sample will be run.
On the client machine, be sure the following are in your classpath:
am_services.jar
jaas.jar
jss3.jar
AMConfig.properties
Include jaas.jar in your classpath if you are using a JDK version earlier than JDK 1.4.
A sample configuration file purejaassample.config is provided for testing this sample.
The file contains only one entry named Sample. Sample is the name to be entered for CONFIG in the Makefile:
    Sample {
        PureJAASSampleLoginModule required
            ORG_NAME="dc=iplanet,dc=com"
            INDEX_NAME="LDAP"
            debug=true;
    };
The entry specifies that the LoginModule to be used to do the user authentication is the PureJAASSampleLoginModule and that this SampleLoginModule must succeed in order for authentication to be considered successful. It passes options with ORG_NAME as the organization name and INDEX_NAME as the Access Manager authentication module to which this sample must authenticate.
If you must use a different login configuration, modify the Makefile. For example, change the following:
-Djava.security.auth.login.config=purejaassample.config
to this:
-Djava.security.auth.login.config=your_jaas_config_file.config
To compile, run the gmake command.
To run the sample program, run the gmake run command.
In the sample client program, add this JVM property:
-D"java.protocol.handler.pkgs=com.iplanet.services.comm"
In the AMConfig.properties file, edit the following properties:
com.iplanet.am.admin.cli.certdb.dir: <PRODUCT_DIR>/servers/alias
com.iplanet.am.admin.cli.certdb.prefix: https-machine1.com-machine1-
com.iplanet.am.server.protocol: https
com.iplanet.am.server.port: Enter the appropriate port on the server machine, where machine1 is the host name of the server.
In make.bat, set the following properties:
BASE: Enter the path to the directory where Access Manager is installed.
JAVA_HOME: Enter the path to the directory where the Java compiler is installed.
CONFIG: Enter the entry which will be used for user authentication. This entry is specified in the login configuration file.
Copy AMConfig.properties from <CONFIG_DIR> on the machine where the Access Manager server is installed to the client machine where this sample will be run.
On the client machine, make sure the following are in your classpath:
am_services.jar
jaas.jar
jss3.jar
AMConfig.properties
Include jaas.jar in your classpath if you are using a JDK version earlier than JDK 1.4.
A sample configuration file purejaassample.config is provided for testing this sample.
The file contains only one entry named Sample. Sample is the name to be entered for CONFIG in the Makefile.
    Sample {
        PureJAASSampleLoginModule required
            ORG_NAME="dc=iplanet,dc=com"
            INDEX_NAME="LDAP"
            debug=true;
    };
The entry specifies that the LoginModule to be used to do the user authentication is the PureJAASSampleLoginModule. SampleLoginModule must succeed in order for authentication to be considered successful. It passes options with ORG_NAME as the organization name and INDEX_NAME as the Access Manager authentication module to which this sample has to authenticate.
If you must use a different login configuration, modify the Makefile. For example, change the following:
-Djava.security.auth.login.config=purejaassample.config
to this:
-Djava.security.auth.login.config=your_jaas_config_file.config
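The Sample entry described above, for both the gmake and the make.bat setup, hands ORG_NAME and INDEX_NAME to a LoginModule that replays the server's callbacks to the application. The following is an added example, not the PureJAASSampleLoginModule shipped with Access Manager: `ReplayLoginModule`, `StubService` and the demo credentials are hypothetical, and `StubService` stands in for the Access Manager Authentication Client API so the code runs without a server.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class ReplayLoginModule implements LoginModule {
    // Hypothetical stand-in for the remote service; accepts only demo / constructed-pw.
    static class StubService {
        boolean pending = true, ok;
        Callback[] getRequirements() {
            return new Callback[] { new NameCallback("User: "), new PasswordCallback("Password: ", false) };
        }
        void submitRequirements(Callback[] cbs) {
            PasswordCallback pc = (PasswordCallback) cbs[1];
            ok = "demo".equals(((NameCallback) cbs[0]).getName())
                    && Arrays.equals(pc.getPassword(), "constructed-pw".toCharArray());
            pc.clearPassword(); // do not leave the secret in the callback
            pending = false;
        }
    }
    private CallbackHandler handler; private Map<String, ?> opts;
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) {
        handler = h; opts = o;
    }
    public boolean login() throws LoginException {
        if (handler == null || opts.get("ORG_NAME") == null || opts.get("INDEX_NAME") == null) // fail closed
            throw new LoginException("CallbackHandler, ORG_NAME and INDEX_NAME are required");
        StubService svc = new StubService();
        try {
            while (svc.pending) {
                Callback[] cbs = svc.getRequirements();
                handler.handle(cbs);         // replay to the application's handler
                svc.submitRequirements(cbs); // send the answers back
            }
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback replay failed: " + e.getMessage());
        }
        if (!svc.ok) throw new FailedLoginException("authentication failed");
        return true;
    }
    public boolean commit() { return true; }
    public boolean abort() { return true; }
    public boolean logout() { return true; }
    public static void main(String[] a) throws Exception { // driver answers with the constructed credentials
        new LoginContext("Sample", cbs -> { ((NameCallback) cbs[0]).setName("demo");
            ((PasswordCallback) cbs[1]).setPassword("constructed-pw".toCharArray()); }).login();
        System.out.println("login succeeded");
    }
}
```

Run it with `-Djava.security.auth.login.config=` pointing at a file whose `Sample` entry names `ReplayLoginModule` in place of `PureJAASSampleLoginModule`. Removing either option from the entry makes `login()` fail before any callback is issued.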
To compile, run the make command.
To run the sample program, run the make run command.
In the sample client program, add this JVM property:
-D"java.protocol.handler.pkgs=com.iplanet.services.comm"
Edit the following properties in the AMConfig.properties file:
com.iplanet.am.admin.cli.certdb.dir: <install-dir>\SUN\IdentityServer6\Servers\alias
com.iplanet.am.admin.cli.certdb.prefix: https-machine1.red.iplanet.com-machine1-
com.iplanet.am.server.protocol: https
com.iplanet.am.server.port: Enter the appropriate port on the server machine, where machine1 is the host name of the server.
For detailed information, see the Javadoc for Remote Client APIs. By default, Access Manager Javadoc is installed in the following directory:
AccessManager-base/SUNWam/docs
For detailed information on how to plug the Login Module into the standard JAAS Context, see the JAAS Reference Guide at the following URL:
http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASRefGuide.html