Assume you have a Java class called com.companyx.auth.MyLogin that takes two inputs on the command line from a user. One input is a userId and the second is a password. MyLogin then passes these two inputs to two routines called myAuthenticateId(Id) and myAuthenticatePass(pass), which in turn call the authentication-specific library and return success, or failure with an error message.
After you have written your pluggable authentication module and tested it, you must integrate it into i-Planet. Use the following procedure to integrate your module into i-Planet.
Modify your class to do the following:
import com.sun.authd.*
extend com.sun.authd.Login
implement the validate(), init(), and getUserTokenId() methods
The validate() method replaces your input-gathering method. Each time the user submits an HTML page, validate() is called. In this method you call your authentication-specific routines. At any point in this method, if the authentication has failed, you must throw a LoginException. If desired, you can pass the reason for failure as an argument to the exception. This reason is written to the i-Planet authentication log, so keep secrets such as the submitted password out of it.
init() should be used if your class has any specific initialization, such as loading a JNI library. init() is called once for each instance of your class. Every authentication session creates a new instance of your class; once a login session is completed, the reference to the instance is released.
getUserTokenId() is called once at the end of a successful authentication session by the i-Planet authentication server. This is the string the authenticated user will be known as in the i-Planet server. A login session is deemed successful when all pages in the MyLogin.properties file have been sent and your module has not thrown an exception.
Create a MyLogin.properties file.
This file contains some simple directives which tell the i-Planet authentication daemon how to create the HTML pages for your login class dynamically. Since MyLogin requires two screens with one input each, the MyLogin.properties file will look like the following:
SCREEN
TEXT Welcome to my login pages
TIMEOUT 60
TOKEN Please enter your company ID
SCREEN
TIMEOUT 120
TEXT Welcome to my second page
PASSWORD Please enter your password
This .properties file tells the i-Planet authentication daemon to send two successive pages to the user. After each submit, your MyLogin validate routine will be called with the inputs made available through public getXX methods of the Login class.
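The following class shows how the requirements above (extend com.sun.authd.Login, implement validate(), init() and getUserTokenId(), throw LoginException on failure) fit together with the two-screen MyLogin.properties file. It is an added example written for this page, not code shipped with i-Planet. The base class, the exception class and the three method names come from the page; everything else is an assumption to be checked against your release's authd.jar: the exact method signatures, the getter names getToken() and getPassword() (the page only says "public getXX methods"), that validate() is called exactly once per submitted screen so a counter can track which screen was just submitted, and that the company's routines are supplied as JNI natives in a library named companyxauth.

```java
package com.companyx.auth;

// Added example, not i-Planet's own code. Only com.sun.authd.Login, LoginException,
// validate(), init() and getUserTokenId() are taken from the page; the signatures,
// the getter names and the screen-counting scheme below are ASSUMPTIONS.
import com.sun.authd.*;

public class MyLogin extends com.sun.authd.Login {

    // Screen order matches the SCREEN blocks in MyLogin.properties.
    private static final int ID_SCREEN = 1;
    private static final int PASSWORD_SCREEN = 2;

    private int screen = 0;            // assumed: one validate() call per submitted screen
    private String userId = null;      // company ID accepted on screen 1
    private String userTokenId = null; // set only once every screen has passed

    // Called once per instance, i.e. once per authentication session.
    public void init() {
        // Assumption: the company authentication routines are JNI natives in
        // libcompanyxauth.so, installed in /opt/SUNWjeev/lib/sparc as the page requires.
        System.loadLibrary("companyxauth");
    }

    // Called after every page submit. Throwing LoginException fails the session and
    // the message is written to the i-Planet authentication log.
    public void validate() throws LoginException {
        screen++;
        switch (screen) {
            case ID_SCREEN: {
                String id = getToken();                 // ASSUMED getter for the TOKEN input
                if (id == null || id.length() == 0) {
                    throw new LoginException("MyLogin: empty company ID");
                }
                String err = myAuthenticateId(id);      // null on success, else error text
                if (err != null) {
                    throw new LoginException("MyLogin: ID check failed: " + err);
                }
                userId = id;
                break;
            }
            case PASSWORD_SCREEN: {
                String pass = getPassword();            // ASSUMED getter for the PASSWORD input
                if (pass == null || pass.length() == 0) {
                    throw new LoginException("MyLogin: empty password for " + userId);
                }
                String err = myAuthenticatePass(pass);
                if (err != null) {
                    // Never put the submitted password in this message: it is logged.
                    throw new LoginException("MyLogin: password check failed for "
                                             + userId + ": " + err);
                }
                userTokenId = userId;                   // both screens passed
                break;
            }
            default:
                // More submits than SCREEN blocks in MyLogin.properties: refuse.
                throw new LoginException("MyLogin: unexpected screen " + screen);
        }
    }

    // Called once by the authentication server after all screens passed without
    // an exception; this string is the user's identity inside the i-Planet server.
    public String getUserTokenId() {
        return userTokenId;
    }

    // The authentication-specific routines named on the page. Assumption: they are
    // implemented natively in libcompanyxauth and return null for success or an
    // error message for failure.
    private native String myAuthenticateId(String id);
    private native String myAuthenticatePass(String pass);
}
```

The counter-based screen tracking is the weakest assumption here: if your authd.jar exposes the current screen number or page name directly, use that instead, and keep the rule that userTokenId is assigned only after the last screen has been checked.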
Compile your java class.
Include /opt/SUNWjeev/classes/authd.jar and /opt/SUNWjeev/classes/acm.jar in your CLASSPATH.
If your class is in a package and you created the matching directory hierarchy for it, note the name you used; the same hierarchy must exist under the directory you copy the class to.
Copy your class file to /opt/SUNWjeev/classes.
If you use a jar file, you will need to edit the /opt/SUNWjeev/bin/iplsrv script and add your jar file to the web server's CLASSPATH. You can also just add it to your root CLASSPATH; the iplsrv script will pick it up.
If you have a JNI library, you must copy it into /opt/SUNWjeev/lib/sparc, or you will need to modify the LD_LIBRARY_PATH in the iplsrv script.
Copy your MyLogin.properties file to /etc/opt/SUNWstnr.
Add your full package.class name to the authenticators property in the platform.conf file.
authenticators=com.sun.login.unix.Unix com.companyx.auth.MyLogin
Add the following lines to the /opt/SUNWsnrp/policy/reverseproxy.policy file on the i-Planet gateway.
http://host:port/login/MyLogin
https://host/login/MyLogin
Be sure to add both http and https.
Restart the web server on the i-Planet server.
Restart the reverse proxy server on the i-Planet gateway.
Test your login.