The Cosminexus standard login modules provided by the integrated user management framework are grouped into the following two types:

• Login modules used to authenticate users
  The following four login modules belong to this type.
  
  • WebPasswordLoginModule
    This login module uses passwords to authenticate users.
    
  • WebCertificateLoginModule
    This login module uses client certificates to authenticate users.
    
  • WebPasswordLDAPLoginModule
    This login module uses the LDAP directory server's authentication function to authenticate users.
    
  • WebPasswordJDBCLoginModule
    This login module is used when the database is already used as the user information repository.
    
• Login modules used to invoke custom application login modules
  The following two login modules belong to this type.
  
  • DelegationLoginModule
    This login module is used to invoke custom login modules. It does not support single sign-on.
    
  • WebSSOLoginModule
    This login module is used for single sign-on. It invokes other login modules such as Cosminexus standard login modules and custom login modules.
    
  DelegationLoginModul is used to invoke custom login modules when single sign-on is not used. WebSSOLoginModule is used to invoke other Cosminexus standard login modules or custom login modules when single sign-on is used. For example, to provide single sign-on access to the application that requires password authentication, invoke WebSSOLoginModule and then WebPasswordLoginModule from that module.
  

The following table lists the function of each login module.

Table 5-6 Login module function list

Function				Type
				P	C	L	J	D	S
Used repository	LDAP directory server			A	A	A	--	--	A
	Database (JDBC)			--	--	--	A	--	--
Authentication method	X509 certificate			--	A	--	--	--	--
	Password authentication			A	--	A#1	A	--	--
		Type that can store passwords	Binary (byte [])	A	--	--	A#2	--	--
			Character string	--	--	--	A#3	--	--
		Encryption algorithm used to compare/store passwords	Plain text	A	--	--	A	--	--
			SHA-1	A	--	--	A	--	--
			MD5	A	--	--	A	--	--
			Encryption enhancement	A	--	--	A	--	--
			Triple DES	--	--	--	--	--	A
Miscellaneous	Setting Principal objects			A	A	A	A	--	--
	Obtaining user attributes			A	A	A	--	--	--
	Registering the user ID and realm name of the user logging in the integrated user management session at the time of login (which are removed at the time of logout)			A	A	A	A	A#4	A#4
	Invoking custom login modules			--	--	--	--	A	A

Legend:

P: WebPasswordLoginModule

C: WebCertificateLoginModule

L: WebPasswordLDAPLoginModule

J: WebPasswordJDBCLoginModule

D: DelegationLoginModule

S: WebSSOLoginModule

A: Available

-: Not available

#1: The type that can store passwords and the encryption algorithm depend on the LDAP directory server.

#2: The mappable SQL data type can be specified in the byte [] type (VARBINARY/LONGVARBINARY).

#3: The mappable SQL data type can be specified in the String [] type (CHAR/VARCHAR/LONGVARCHAR).

#4: Registration is performed when the conditions are met.