Sun OpenSSO Enterprise 8.0 Administration Guide

Authentication Web Service

The Authentication Web Service adds authentication functionality to the SOAP binding. It provides authentication to a WSC, allowing the WSC to obtain security tokens for further interactions with other services at the same provider. These other services may include a discovery service or single sign-on service. Upon successful authentication, the final Simple Authentication and Security Layer (SASL) response contains the resource offering for the Discovery Service.


Caution –

Do not confuse the Liberty-based Authentication Web Service with the proprietary OpenSSO Enterprise Authentication Service discussed in About Identity Web Services in Sun OpenSSO Enterprise 8.0 Technical Overview.


Authentication Web Service Attribute

The Authentication Web Service attributes are global attributes. The value is carried across the OpenSSO Enterprise configuration and inherited by every organization.

The attribute for the Authentication Web Service is defined in the amAuthnSvc.xml service file and is called the Mechanism Handlers List.

Mechanism Handlers List

The Mechanism Handlers List attribute stores information about the SASL mechanisms that are supported by the Authentication Web Service. Each entry in the list carries a key parameter and a class parameter.

key Parameter

The required key defines the SASL mechanism supported by the Authentication Web Service.

class Parameter

The required class specifies the fully qualified name of the class that implements the SASL mechanism. Two authentication mechanisms are supported by the following default implementations:

Table 9–1 Default Implementations for Authentication Mechanism

Class: com.sun.identity.liberty.ws.authnsvc.mechanism.PlainMechanismHandler

Description: This class is the default implementation for the PLAIN authentication mechanism. It maps user identifiers and passwords in the PLAIN mechanism to the user identifiers and passwords in the LDAP authentication module under the root organization.

Class: com.sun.identity.liberty.ws.authnsvc.mechanism.CramMD5MechanismHandler

Description: This class is the default implementation for the CRAM-MD5 authentication mechanism.


Note –

The Authentication Web Service layer provides an interface that must be implemented for each SASL mechanism to process the requested message and return a response.


Challenge Cleanup Interval

Specifies the cleanup interval (in seconds) used by the default CRAM-MD5 mechanism handler implementation class, com.sun.identity.liberty.ws.authnsvc.mechanism.CramMD5MechanismHandler. An internal thread cleans up the map of outstanding challenges at this interval.
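The CRAM-MD5 handler described above keeps issued challenges in a map until they are answered, and the cleanup thread removes the ones that were never answered. The following added example (written for this guide, not OpenSSO's CramMD5MechanismHandler) models that bookkeeping: a server that issues RFC 2195 challenges, verifies the client's HMAC-MD5 response, refuses a replayed or expired challenge, and sweeps stale entries the way the cleanup interval would. The class and function names, the 60-second maximum age, the single-use rule and the sample credentials are assumptions of this example, not settings from the product.

```python
"""Toy CRAM-MD5 challenge bookkeeping (added illustration; not OpenSSO code)."""
import base64
import hashlib
import hmac
import secrets
import time


def cram_md5_response(username, secret, challenge_b64):
    """Client side of RFC 2195: base64("username" SP hex(HMAC-MD5(secret, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()


class CramMd5ChallengeStore:
    """Server side: issues challenges, verifies responses, sweeps stale challenges.

    Pending challenges live in a map until answered or swept. The periodic sweep
    plays the role the Challenge Cleanup Interval plays for the real handler;
    max_age_seconds and the one-time-use rule are assumptions of this example.
    """

    def __init__(self, users, max_age_seconds=300, clock=time.time):
        self._users = users            # username -> shared secret (constructed sample data)
        self._pending = {}             # decoded challenge -> time issued
        self._max_age = max_age_seconds
        self._clock = clock            # injectable so the sweep can be exercised deterministically

    def issue_challenge(self):
        challenge = f"<{secrets.token_hex(8)}@example.invalid>"
        self._pending[challenge] = self._clock()
        return base64.b64encode(challenge.encode()).decode()

    def verify(self, challenge_b64, response_b64):
        challenge = base64.b64decode(challenge_b64).decode()
        # pop() makes every challenge single-use, so a replayed response fails
        issued = self._pending.pop(challenge, None)
        if issued is None or self._clock() - issued > self._max_age:
            return False
        username, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
        secret = self._users.get(username)
        if secret is None:
            return False
        expected = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
        return hmac.compare_digest(expected, digest)

    def cleanup(self):
        """Drop challenges older than max_age; returns how many were removed."""
        now = self._clock()
        stale = [c for c, issued in self._pending.items() if now - issued > self._max_age]
        for c in stale:
            del self._pending[c]
        return len(stale)

    def pending_count(self):
        return len(self._pending)


def demo():
    """Walk through a good login, a replay, a bad secret, an expired challenge and a sweep."""
    clock = [1000.0]
    store = CramMd5ChallengeStore({"alice": "correct horse"}, max_age_seconds=60,
                                  clock=lambda: clock[0])
    results = {}
    ch = store.issue_challenge()
    resp = cram_md5_response("alice", "correct horse", ch)
    results["good"] = store.verify(ch, resp)
    results["replay"] = store.verify(ch, resp)          # same challenge again: consumed
    ch2 = store.issue_challenge()
    results["bad_secret"] = store.verify(ch2, cram_md5_response("alice", "wrong", ch2))
    ch3 = store.issue_challenge()
    clock[0] += 120                                     # answer arrives after max_age
    results["expired"] = store.verify(ch3, cram_md5_response("alice", "correct horse", ch3))
    store.issue_challenge()                             # two challenges nobody answers
    store.issue_challenge()
    results["before_sweep"] = store.pending_count()
    clock[0] += 120
    results["swept"] = store.cleanup()                  # what the cleanup thread would do
    results["after_sweep"] = store.pending_count()
    return results


if __name__ == "__main__":
    print(demo())
```

Without the sweep, every client that requests a challenge and then disconnects leaves an entry behind, so the map grows without bound; the cleanup interval bounds how long such entries survive, while the age check in verify() keeps an old challenge from being accepted between sweeps.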

Transform Classes

Specifies the mapping from transform name to implementation class. Entries are comma separated, with a pipe (|) as the delimiter between the transform name and the implementation class name. For example, name1|class1, name2|class2.
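A value in this format is easy to get subtly wrong (a missing pipe, a transform name listed twice, a class name with a stray character), and a loosely written reader would either drop an entry or let a later duplicate silently replace an earlier one, changing which class handles a transform. The following added example (not OpenSSO's own parser) reads a Transform Classes value and rejects those malformed cases; the function name, the Java class-name check and the sample values such as com.example.transform.Sample are constructed for this example.

```python
"""Parser for the Transform Classes value format (added example, not OpenSSO code)."""
import re

# A plausible fully qualified Java class name: dot-separated identifiers.
_JAVA_CLASS = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$")


def parse_transform_classes(value):
    """Parse "name1|class1, name2|class2" into an ordered dict name -> class.

    Raises ValueError on an entry without exactly one pipe, an empty name or
    class, a class name that cannot be a Java class, or a repeated transform name.
    """
    mapping = {}
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing comma or blank entry
        name, sep, cls = entry.partition("|")
        name, cls = name.strip(), cls.strip()
        if not sep or not name or not cls or "|" in cls:
            raise ValueError(f"entry {entry!r} must have the form name|class")
        if not _JAVA_CLASS.match(cls):
            raise ValueError(f"{cls!r} is not a valid fully qualified class name")
        if name in mapping:
            raise ValueError(f"transform name {name!r} appears more than once")
        mapping[name] = cls
    return mapping


def rejects(value):
    """True if parse_transform_classes refuses the value (used to exercise the checks)."""
    try:
        parse_transform_classes(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample value in the documented format.
    print(parse_transform_classes("sample|com.example.transform.Sample, other|com.example.transform.Other"))
```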

PLAIN Mechanism Handler Authentication Module

Specifies the default authentication module used for the PLAIN mechanism handler. The default value is the Data Store authentication module.

CRAM-MD5 Mechanism Handler Authentication Module

Specifies the default authentication module used for the CRAM-MD5 mechanism handler. The default value is the Data Store authentication module.