Sun ONE Identity Server Programmer's Guide



Contents


About This Guide

About Identity Server 6.0
What You Are Expected to Know
Identity Server Documentation Set
Documentation Conventions Used in This Guide
Typographic Conventions
Terminology
Related Information


Chapter 1 Introduction
Identity Server Overview
Data Management Components
Application Management Services
Managing Access
Extending Identity Server
Service Definition With XML
Identity Server Console Customization
Java Packages
Identity Server File System


Chapter 2 The Identity Server Console
Overview
Console Interface
Architecture
Customizing The Console
Default Console Directory
Creating Custom Organization Files
Precompiling JSP Files
Customizing The User Profile View
Miscellaneous Customizations
Changing Default Attribute Display
Localizing The Console
Customizing Background Colors
Plugging In A New Module
Displaying Container Objects
Console Sample


Chapter 3 Authentication Service
Overview
Accessing The Authentication Service
Authenticating The Request
Miscellaneous Features
The Authentication User Interface
Customizing The Authentication Interface
JSP Templates
Authentication Module Configuration Files
Default Authentication Modules
Core Authentication Service
Proprietary Authentication Modules
Assigning The Authentication Method
Custom Authentication Modules
Creating A New Authentication Module
Configuring Localization Properties
Configuring Module Credential Requirements
Modifying amAuth.xml
Application Authentication
Authentication API For Java Applications
Authenticating Non-Java Applications
The remote-auth.dtd Structure
Authentication SPI
URL Parameters
C Programs and Authentication
Authentication Request / Response Flow
Authentication Samples
Remote Client API
Login Module


Chapter 4 Single Sign-On
Overview
Contacting A Policy Agent
Creating A Session Token
Providing User Credentials
Cookies and Session Tokens
Cross-Domain Support For SSO
Enabling Cross-Domain Single Sign-On
Configuring For Cross-Domain SSO
SSO API
Non-Web-Based Applications
API Overview
Sample API Code
Sample SSO Java Files
SSO Servlet Sample
Remote SSO Sample
Command Line SSO Sample


Chapter 5 Identity Management
Overview
Abstract Objects
Object Templates
Structure of ums.xml
Modifying ums.xml
Identity Server SDK
SDK Interfaces
The SDK And Cache
Installing the SDK Remotely
amEntrySpecific.xml
amEntrySpecific.xml Schema
Management Sample Functions
Create, Delete Or Modify Users
Create Organization
Retrieve Templates
Create Users With Modified LDAP Schema


Chapter 6 Service Management
Overview
XML Service Files
Document Type Definition Structure Files
Service Management SDK
Service Definition
Defining A Service
Creating A Service File
Extending The Directory Server Schema
Importing the XML Service File
Configuring Localization Properties
Updating Files For Abstract Objects
Registering The Service
DTD Files
The sms.dtd Structure
The amAdmin.dtd Structure
XML Files
Default XML Service Files
Batch Processing XML Files
Customizing User Pages
Service Management SDK


Chapter 7 Policy Service
What Is Policy?
Policy Service
Architecture
Policy Types
Subjects
Policy Definition Type Document
Policy Element
Rule Element
ServiceName Element
ResourceName Element
AttributeValuePair Element
Subjects Element
Subject Element
Referrals Element
Referral Element
Conditions Element
Condition Element
Java SDK For Policy
Policy Evaluation Java APIs
Policy Management Java APIs
Policy Plugin Java APIs
C Library For Policy
C APIs for Policy Evaluation
am_properties_t
Information And Utility APIs
am
am_policy
Specialization Methods
Initialization Variables
Specialization Methods For Web Agents
Initialization Variables


Chapter 8 Using The SAML Service
Overview
Assertion Types
Profile Types
SAML SOAP Receiver
Accessing The SAML Service
amSAML.xml
SAML SDK
com.sun.identity.saml
com.sun.identity.saml.assertion
com.sun.identity.saml.common
com.sun.identity.saml.plugins
com.sun.identity.saml.protocol
com.sun.identity.saml.xmlsig
SAML Service Samples


Chapter 9 Federation Management
Overview
The Liberty Alliance Project
Liberty Specification Concepts
Federation Management Process
Federation Management Protocols
Federation Management API
Customizing The Module
Federation Management Samples


Chapter 10 Logging Service
Overview
Logging Architecture
Logging Service XML File
Log Security
Log Message Formats
Flat File Format
Relational Database Format
Logging API
Logger Class
LogRecord Class
Logging Exceptions
Sample Logging Code
Logging SPI
Plugin Log Verifier
Plugin Authorization Mechanism
Log Files
SSO-related Logs
Console-related Logs
Authentication-related Logs
Federation-related Logs
Debug Files
Secure Logging


Chapter 11 Client Detection
Overview
Client Data
Client Detection API
Client Detection Module Interface


Chapter 12 Identity Server Utilities
Backup And Restore
Backup Script
Restore Script
Utility API
API Summary


Appendix A AMConfig.properties File
Overview
Deployment Directives
Identity Server Directives
Directory Server
Configuration Directives
Debug Service
Stats Service
SAML
Miscellaneous Services
Read-Only Directives
Base Directory
Shared Secret
Deployment Descriptors
Session Properties
Cross Domain Single Sign-On Support
SecureRandom Properties
SocketFactory properties
Encryption
Remote Installation
IP Address Checking
Remote Policy API Directives
FQDN Map


Appendix B Directory Server Concepts
Overview
Roles
Managed Roles
How Identity Server Uses Roles
Access Control Instructions (ACIs)
Defining ACIs
Format of Predefined ACIs
Class Of Service
CoS Definition Entry
CoS Template Entry
Conflicts and CoS
Application Schema
Index


Copyright 2002   Sun Microsystems, Inc. All rights reserved.

Last Updated December 02, 2002