Sun Java System Access Manager 7 2005Q4 Technical Overview

Plug-ins Layer

The Access Manager SPIs work with plug-ins to provide customer data to the framework for back-end processing. Some customer data comes from external data base applications such as identity repositories. Some customer data come from Access Manager plug-ins. You can develop custom plug-ins to work with Access Manager SPIs.

For a complete listing of Access Manager SPIs, see the Javadoc. The following table lists the plug-ins that are installed with Access Manager and a brief description what each plug-in does.

Table 1–3 Access Manager Plug-ins




Accesses user data in a specified identity repository to determine if user’s credentials are valid. 


Aggregates policies and rules to determine whether a user is authorized to access a protected resource. 

Service Configuration

Manages configuration data used in each core component framework: authentication, authorization, SAML, session, logging, and identity federation. Provides configuration data to any Access Manager plug-in or component that needs the data. 


Aggregates policies and rules to determine the scope of a network administrator’s authority. 

Identity Repository Management

Authenticates identities and returns identity information such as user attributes and membership status. 


Creates and modifies users and stores information in the user branch of the identity repository. Implements user management APIs used in previous Access Manager releases.