Hitachi

uCosminexus Application Server Security Management Guide


5.3.7 WebSSOLoginModule

WebSSOLoginModule is the login module used to implement single sign-on. It invokes a Cosminexus standard login module or a custom login module on behalf of the destination realm.

When a user has already logged in during a session, the information needed to authenticate that user in another realm (user ID, SecretData, and PublicData) is handed to the custom login module. The following figure shows an overview of WebSSOLoginModule.

Figure 5‒17: Overview of WebSSOLoginModule

[Figure]

WebSSOLoginModule reads ua.conf (the integrated user management configuration file) to obtain the custom login module class name that corresponds to the login module identifier specified in jaas.conf (the JAAS configuration file), and then instantiates that custom login module. The arguments given to the initialize method of WebSSOLoginModule are passed through to the custom login module.

When a user has already logged into the session, WebSSOLoginModule obtains the single sign-on information of the logged-in user from the LDAP directory server specified in ua.conf. If that single sign-on information contains user mapping information for the destination realm, WebSSOLoginModule also obtains the single sign-on information of the destination user. SecretData in the single sign-on information is decrypted by the method specified in ua.conf. WebSSOLoginModule then stores the destination user ID, the decrypted SecretData, and PublicData in sharedState (the Map object passed to the custom login module by the initialize method). The parameter names used for these entries are specified in ua.conf. Because the SecretData placed in sharedState is in decrypted form, the custom login module must treat it as a live credential: use it for authentication only, and never log it or keep copies longer than necessary.

When no user has logged into the session, WebSSOLoginModule does not change sharedState.

The authentication process is delegated to the custom login module.
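The following is an added example of a custom login module written to sit behind WebSSOLoginModule; it is not code from the Hitachi manual or from the uCosminexus product. It uses only the standard JAAS LoginModule interface. The sharedState key names (com.example.sso.*), the class name, and the in-memory user store with its salted SHA-256 hashes are all assumptions made for this example; in a real deployment the key names are whatever ua.conf configures for the realm, and verification is done against the realm's own user store. The two branches of login() correspond to the two cases described above: sharedState populated by WebSSOLoginModule (a user is already logged in) and sharedState untouched (no user is logged in yet, so the module falls back to the CallbackHandler).

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

/** Custom login module for one destination realm, invoked through WebSSOLoginModule. */
public class SampleRealmLoginModule implements LoginModule {
    // ASSUMED sharedState key names; in a deployment they are whatever ua.conf specifies.
    static final String KEY_USER_ID = "com.example.sso.userId";
    static final String KEY_SECRET = "com.example.sso.secretData";
    static final String KEY_PUBLIC = "com.example.sso.publicData";

    // Constructed stand-in for the realm's user store: user id -> salt and SHA-256(salt + password).
    private static final Map<String, String> SALTS = new HashMap<>();
    private static final Map<String, byte[]> HASHES = new HashMap<>();
    static { SALTS.put("alice", "s4lt"); HASHES.put("alice", sha256("s4lt" + "correct horse")); }

    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> sharedState;
    private String userId;
    private Object publicData;
    private boolean succeeded;

    @Override
    public void initialize(Subject subject, CallbackHandler handler, Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        this.sharedState = sharedState; // the Map WebSSOLoginModule fills, or leaves untouched
    }

    @Override
    public boolean login() throws LoginException {
        char[] secret;
        Object ssoUser = sharedState.get(KEY_USER_ID);
        Object ssoSecret = sharedState.get(KEY_SECRET);
        if (ssoUser != null && ssoSecret != null) {
            // A user is already logged into the session: use the destination user ID and the
            // SecretData that WebSSOLoginModule decrypted for this realm. Copy it so that wiping
            // our buffer below does not disturb the entry other modules in the chain may read.
            userId = ssoUser.toString();
            secret = ssoSecret instanceof char[] ? ((char[]) ssoSecret).clone() : ssoSecret.toString().toCharArray();
            publicData = sharedState.get(KEY_PUBLIC);
        } else {
            // Nobody is logged in yet, so sharedState is unchanged: prompt through the CallbackHandler.
            if (handler == null) throw new LoginException("no CallbackHandler available");
            NameCallback nc = new NameCallback("user id: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { nc, pc });
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("callback failed: " + e.getMessage());
            }
            userId = nc.getName();
            secret = pc.getPassword() == null ? new char[0] : pc.getPassword();
            pc.clearPassword();
        }
        try {
            succeeded = verify(userId, secret);
        } finally {
            Arrays.fill(secret, '\0'); // do not keep our copy of the plaintext credential
        }
        if (!succeeded) throw new FailedLoginException("authentication failed");
        return true;
    }

    /** Realm-specific check against the constructed store: salted SHA-256, compared in constant time. */
    static boolean verify(String user, char[] secret) {
        String salt = SALTS.get(user);
        if (salt == null) return false;
        return MessageDigest.isEqual(HASHES.get(user), sha256(salt + new String(secret)));
    }

    static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    @Override
    public boolean commit() {
        if (!succeeded) return false;
        subject.getPrincipals().add(new RealmPrincipal(userId));
        if (publicData != null) subject.getPublicCredentials().add(publicData); // expose PublicData, if supplied
        return true;
    }

    @Override public boolean abort() { succeeded = false; userId = null; publicData = null; return true; }

    @Override public boolean logout() {
        subject.getPrincipals().removeIf(p -> p instanceof RealmPrincipal);
        return true;
    }

    static final class RealmPrincipal implements Principal {
        private final String name;
        RealmPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
}
```

Two design points are worth noting. First, the module checks sharedState before touching the CallbackHandler, so a web front end that has no interactive handler still works in the single sign-on case, and the same verify() path is used for both branches, which keeps the realm's password policy identical regardless of how the credential arrived. Second, the module only ever wipes its own copy of SecretData; the decrypted value that WebSSOLoginModule placed in sharedState stays there for as long as the login chain runs, so nothing in a custom login module should log or serialize that Map.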