Hitachi

uCosminexus Application Server Security Management Guide


5.2.6 Integrated user management process flow

The following figure illustrates the process flow when using integrated user management.

Figure 5‒11: Process flow when using integrated user management

[Figure]

A description of this process is as follows:

  1. A login request is sent through the Web browser.

  2. The login module is invoked by the Web application to perform the authentication process.

  3. The Cosminexus standard login module is used to authenticate the user. The login module used for authentication and its configuration are defined in jaas.conf (the JAAS configuration file) or ua.conf (the integrated user management configuration file). The necessary information for authentication is retrieved from the user information repository in the LDAP directory server or the database.

  4. The authentication result is returned to the Web application.

Implementing the authentication process requires work from two groups: the users who set up the system must configure it, and the application developers must develop the application.

What the users who set up the system must do
  • Define the login modules and repositories to be used, together with their configuration information, in jaas.conf (the JAAS configuration file) and ua.conf (the integrated user management configuration file). To implement single sign-on, define the single sign-on parameters in ua.conf as well.

  • Create the encryption key file when implementing single sign-on.

  • Register the user information in the user information repository.

  • If the Component Container administrators and the users in the integrated user management group use the jaas.conf (the JAAS configuration file) and ua.conf (the integrated user management configuration file) stored under Cosminexus installation directory/manager/config in the UNIX environment, set the appropriate access permissions on these configuration files in advance.

Use a text editor or a similar tool to edit jaas.conf and ua.conf.

To learn more about the integrated user management configurations, see 5.19 Creating configuration files.
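
The access-permission step above can be verified with a short audit script. This is an added example, not part of the Hitachi guide: the function names (has_perm, audit_conf_perms) and the policy it checks (owner may read and write, group may read, others have no access, and the configuration directory is not writable by group or others) are assumptions to adapt to your site.

```shell
#!/bin/sh
# Added example: audit jaas.conf and ua.conf in a configuration directory.
# Assumed policy (not from the guide): owner may read/write, group may read,
# others have no access, and the directory is not group- or other-writable.

# has_perm PATH MODE... -> true if PATH has all bits of any listed MODE set
has_perm() {
    hp_path=$1; shift
    for hp_mode in "$@"; do
        [ -n "$(find "$hp_path" -prune -perm "-$hp_mode" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_conf_perms DIR -> prints one finding per line; returns 1 if any
audit_conf_perms() {
    ac_dir=$1
    ac_rc=0
    # A writable directory lets files be replaced whatever their own mode is.
    if has_perm "$ac_dir" 020 002; then
        echo "DIR_WRITABLE $ac_dir"; ac_rc=1
    fi
    for ac_name in jaas.conf ua.conf; do
        ac_file=$ac_dir/$ac_name
        if [ -L "$ac_file" ]; then
            # The mode of a symlink says nothing about its target.
            echo "SYMLINK $ac_file"; ac_rc=1; continue
        fi
        if [ ! -f "$ac_file" ]; then
            echo "MISSING $ac_file"; ac_rc=1; continue
        fi
        if has_perm "$ac_file" 020; then
            echo "GROUP_WRITABLE $ac_file"; ac_rc=1
        fi
        if has_perm "$ac_file" 004 002 001; then
            echo "OTHER_ACCESS $ac_file"; ac_rc=1
        fi
    done
    return $ac_rc
}

# Usage: audit_conf_perms "/path/to/manager/config"
```

Pass the directory that holds the two files as the only argument; a non-zero return status means at least one finding was printed.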

What the application developers must do
  • Use the JAAS API and the integrated user management API and JSP tag library provided by Cosminexus to create the authentication process program that invokes the login modules.

  • Create a custom login module to authenticate users in a way that is specific to the application.

  • When necessary, create an implementation class to enhance passwords at the time of password authentication.

For details about implementing user authentication based on the integrated user management framework, see 5.9 Implementation of user authentication based on the integrated user management framework.