Sun ONE Portal Server 6.0 Migration Guide
Chapter 3 Migrating Custom Authentication Modules
Custom authentication modules in Sun ONE Portal Server 3.0 must be simulated in iPlanet Directory Server Access Management Edition 5.1 as plugged-in authentication modules. Migrating these custom authentication modules from Sun ONE Portal Server 3.0 to iPlanet Directory Server Access Management Edition 5.1 involves several steps. Each section of this chapter comprises one step in the process and contains instructions for implementing the step. This chapter contains the following sections:
Moving Custom Authentication Modules from Sun ONE Portal Server 3.0 to iPlanet Directory Server Access Management Edition 5.1
Implementing the Factory Class com.iplanet.authentication.spi.AuthenticationModuleFactory
Implementing the Module Extending com.iplanet.authentication.spi.AuthenticationModule
Creating the iwtAuthModule.jar File
You may need to modify organizations to subscribe to the proper converted authentication services.
Moving Custom Authentication Modules from Sun ONE Portal Server 3.0 to iPlanet Directory Server Access Management Edition 5.1
The LDAP migration process converts Sun ONE Portal Server 3.0 custom AuthModule components to iPlanet Directory Server Access Management Edition 5.1 services. See Chapter 2 "Migrating LDAP Data" for details on migrating LDAP data.
As part of the template migration option, the migration tools move each modified .properties file for your custom authentication modules from the /etc/opt/SUNWips/auth/default directory on the Sun ONE Portal Server 3.0 system to the BaseDir/SUNWam/web-apps/services/WEB-INF/config/auth/default directory on the Sun ONE Portal Server 6.0 system. See Chapter 5 "Migrating The Desktop" for details on migrating templates.
If you do not perform a template migration but still wish to migrate your custom authentication modules, you may move the .properties files manually by using, for example, the ftp command.
It is not necessary to move .properties files that you have not modified or created, because all authentication modules in Sun ONE Portal Server 3.0, with the exception of Skey, NT auth, and SecurID, also exist in iPlanet Directory Server Access Management Edition 5.1.
Note: Skey, NT auth, and SecurID are not supported in iPlanet Directory Server Access Management Edition 5.1.
Implementing the Factory Class com.iplanet.authentication.spi.AuthenticationModuleFactory
The AuthenticationModuleFactory defines a factory API which enables the authentication framework to obtain an instance of the corresponding authentication module. Each authentication module needs to implement this interface. See the iPlanet Directory Server Access Management Edition 5.1 Javadocs for details on implementing the factory class com.iplanet.authentication.spi.AuthenticationModuleFactory.
Implementing the Module Extending com.iplanet.authentication.spi.AuthenticationModule
The AuthenticationModule is an abstract class used for writing pluggable authentication modules. Because it is an abstract class, authentication writers must subclass and override the abstract methods init, validate, and getUserTokenId.
The HTML for the authentication states is generated dynamically from the parameters set in the configuration file of the authentication module you develop. There must be a configuration file with the name of the class (no package name) and the extension .properties. See the iPlanet Directory Server Access Management Edition 5.1 Javadocs for details on implementing the module extending com.iplanet.authentication.spi.AuthenticationModule.
Creating the iwtAuthModule.jar File
To create the iwtAuthModule.jar file, issue the command:
jar -cvf iwtAuthModulename.jar *.class
where *.class corresponds to the two classes, com.iplanet.authentication.spi.AuthenticationModuleFactory and com.iplanet.authentication.spi.AuthenticationModule, that you have implemented. After you have created the iwtAuthModule.jar file, you must put it in the BaseDir/SUNWam/web-apps/services/WEB-INF/lib directory.
Creating the iwtAuthmodule.xml File
After converting LDAP data, the conversion tool will have created an ImportDir/xml/component/iwtAuthModule_Name.xml file. The import tool imports the iwtAuthmodule.xml file into iPlanet Directory Server Access Management Edition 5.1 as a service. See Chapter 2 "Migrating LDAP Data" for details on migrating LDAP data.
Modifying the amAuth.xml File
Modify the BaseDir/SUNWam/config/xml/amAuth.xml file to include the added authentication modules in the list of existing authentication modules. After modifying the amAuth.xml file, you need to execute the following two steps for the changes to take effect:
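Separately from the steps in this guide, the following is an added pre-flight check, not part of the original guide or of the product, that confirms the files this chapter places under BaseDir are present for one migrated module and are not world-writable. The directory paths come from this chapter; the permission check and the test that the module's class name merely appears somewhere in amAuth.xml are assumptions made for illustration, since the file's format is not described here.

```shell
#!/bin/sh
# Pre-flight check for a migrated custom authentication module (added example).
# Paths under BaseDir come from this chapter. The world-writable test and the
# "class name appears in amAuth.xml" test are illustrative assumptions.

# check_auth_module BASEDIR FQ_CLASS JAR_NAME
# Prints one line per problem and returns the number of problems found.
check_auth_module() {
    base=$1; fq_class=$2; jar_name=$3
    simple=${fq_class##*.}      # class name without the package name
    svc="$base/SUNWam/web-apps/services/WEB-INF"
    jar="$svc/lib/$jar_name"
    props="$svc/config/auth/default/$simple.properties"
    amauth="$base/SUNWam/config/xml/amAuth.xml"
    problems=0

    for f in "$jar" "$props" "$amauth"; do
        if [ ! -f "$f" ]; then
            echo "MISSING: $f"
            problems=$((problems + 1))
        elif [ -n "$(find "$f" -perm -002)" ]; then
            # Anyone who can write these files can alter the login path.
            echo "WORLD-WRITABLE: $f"
            problems=$((problems + 1))
        fi
    done

    # Loose check only: the module name must at least be mentioned.
    if [ -f "$amauth" ] && ! grep -qF -- "$simple" "$amauth"; then
        echo "NOT LISTED in amAuth.xml: $simple"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run the check when called with BaseDir, class name and jar name.
if [ $# -eq 3 ]; then
    check_auth_module "$@"
fi
```

Call it with the installation's BaseDir, the fully qualified name of the module class, and the name of the jar copied into WEB-INF/lib; an exit status of 0 means no problems were found.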
Copyright 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated September 25, 2002