i-Planet Administration Guide

How Authentication Works

The HTML for the authentication states is generated dynamically based on the parameters set in the configuration file for the authentication module developed. There must be a configuration file with the name of the class (no package name) and the extension .properties. This file must reside in /etc/opt/SUNWstnr on the i-Planet server when it is started.

The properties file has the following form:


SCREEN

TIMEOUT 60

TEXT Sample Login Page

TOKEN Enter User Name:

PASSWORD Enter User Password:


SCREEN

TIMEOUT 30

TEXT Sample Login Page 2

TOKEN Enter Favorite Color

TOKEN Enter Secret Pin Number

PASSWORD Enter Challenge form

Each SCREEN entry corresponds to one authentication state, that is, one authentication HTML page. When an authentication session is invoked, one HTML page is sent for each state. In the sample SCREEN entries above, the first state sends an HTML page asking the user to enter a token and a password. When the user submits the token and the password, the validate() method is called. Module writers get the tokens, validate them, and return them. The second page is then sent and the validate() method is called again.

If the module writer throws a LoginException, an authentication-failed page is sent to the user. If no exception is thrown, which implies successful completion, the user is redirected to their default page. The TIMEOUT parameter ensures that users respond in a timely manner: if the time between sending the page and receiving the response is greater than the TIMEOUT, a time-out page is sent.
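
The following is an added example, not i-Planet code: a small Python checker that parses a screen-definition file of the form shown above, flags screens that lack a positive TIMEOUT or any input field, and applies the time-out rule just described. The line grammar (keyword, space, rest of line), the TIMEOUT unit (seconds), and the names parse_screens, lint and timed_out are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
# Constructed input: the two-screen listing from this page.
SAMPLE = """\
SCREEN
TIMEOUT 60
TEXT Sample Login Page
TOKEN Enter User Name:
PASSWORD Enter User Password:
SCREEN
TIMEOUT 30
TEXT Sample Login Page 2
TOKEN Enter Favorite Color
TOKEN Enter Secret Pin Number
PASSWORD Enter Challenge form
"""

@dataclass
class Screen:
    timeout: int = 0   # allowed reply delay; unit assumed to be seconds
    text: str = ""
    fields: list = field(default_factory=list)  # (kind, prompt) pairs

def parse_screens(source):
    """Grammar assumed from the sample: keyword, space, rest of line."""
    screens = []
    for number, raw in enumerate(source.splitlines(), 1):
        keyword, _, value = raw.strip().partition(" ")
        if not keyword:
            continue  # blank line between entries
        if keyword == "SCREEN":
            screens.append(Screen())
        elif not screens:
            raise ValueError(f"line {number}: {keyword} before first SCREEN")
        elif keyword == "TIMEOUT":
            screens[-1].timeout = int(value)
        elif keyword == "TEXT":
            screens[-1].text = value.strip()
        elif keyword in ("TOKEN", "PASSWORD"):
            screens[-1].fields.append((keyword, value.strip()))
        else:
            raise ValueError(f"line {number}: unknown keyword {keyword!r}")
    return screens

def lint(screens):
    """Flag screens with no positive TIMEOUT or nothing for validate() to check."""
    return [f"screen {i}: {msg}" for i, s in enumerate(screens, 1)
            for bad, msg in ((s.timeout <= 0, "no positive TIMEOUT"),
                             (not s.fields, "no TOKEN or PASSWORD field")) if bad]
def timed_out(screen, sent_at, received_at):
    """The page's rule: the reply took longer than TIMEOUT after the page was sent."""
    return received_at - sent_at > screen.timeout
```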