5.3.1 Types and functions of Cosminexus standard login modules
The Cosminexus standard login modules provided by the integrated user management framework are grouped into the following two types:
- Login modules used to authenticate users
  The following four login modules belong to this type.
  - WebPasswordLoginModule
    This login module uses passwords to authenticate users.
  - WebCertificateLoginModule
    This login module uses client certificates to authenticate users.
  - WebPasswordLDAPLoginModule
    This login module uses the LDAP directory server's authentication function to authenticate users.
  - WebPasswordJDBCLoginModule
    This login module is used when a database is already used as the user information repository.
- Login modules used to invoke custom application login modules
  The following two login modules belong to this type.
  - DelegationLoginModule
    This login module is used to invoke custom login modules. It does not support single sign-on.
  - WebSSOLoginModule
    This login module is used for single sign-on. It invokes other login modules such as Cosminexus standard login modules and custom login modules.

  DelegationLoginModule is used to invoke custom login modules when single sign-on is not used. WebSSOLoginModule is used to invoke other Cosminexus standard login modules or custom login modules when single sign-on is used. For example, to provide single sign-on access to an application that requires password authentication, invoke WebSSOLoginModule and then invoke WebPasswordLoginModule from that module.

The following table lists the function of each login module.
| Function | | Type P | Type C | Type L | Type J | Type D | Type S |
|---|---|---|---|---|---|---|---|
| Used repository | LDAP directory server | A | A | A | -- | -- | A |
| | Database (JDBC) | -- | -- | -- | A | -- | -- |
| Authentication method | X509 certificate | -- | A | -- | -- | -- | -- |
| | Password authentication | A | -- | A#1 | A | -- | -- |
| Type that can store passwords | Binary (byte []) | A | -- | -- | A#2 | -- | -- |
| | Character string | -- | -- | -- | A#3 | -- | -- |
| Encryption algorithm used to compare/store passwords | Plain text | A | -- | -- | A | -- | -- |
| | SHA-1 | A | -- | -- | A | -- | -- |
| | SHA-224 | A | -- | -- | A | -- | -- |
| | SHA-256 | A | -- | -- | A | -- | -- |
| | SHA-384 | A | -- | -- | A | -- | -- |
| | SHA-512 | A | -- | -- | A | -- | -- |
| | MD5 | A | -- | -- | A | -- | -- |
| | Encryption enhancement | A | -- | -- | A | -- | -- |
| | Triple DES | -- | -- | -- | -- | -- | A |
| Miscellaneous | Setting Principal objects | A | A | A | A | -- | -- |
| | Obtaining user attributes | A | A | A | -- | -- | -- |
| | Registering the user ID and realm name of the user logging in the integrated user management session at the time of login (which are removed at the time of logout) | A | A | A | A | A#4 | A#4 |
| | Invoking custom login modules | -- | -- | -- | -- | A | A |

Legend:
P: WebPasswordLoginModule
C: WebCertificateLoginModule
L: WebPasswordLDAPLoginModule
J: WebPasswordJDBCLoginModule
D: DelegationLoginModule
S: WebSSOLoginModule
A: Available
--: Not available
#1: The type that can store passwords and the encryption algorithm depend on the LDAP directory server.
#2: The mappable SQL data type can be specified in the byte [] type (VARBINARY/LONGVARBINARY).
#3: The mappable SQL data type can be specified in the String [] type (CHAR/VARCHAR/LONGVARCHAR).
#4: Registration is performed when the conditions are met.