5.4.2 Registration of login user IDs
This section explains how the user IDs of users who log in to the integrated user management session are registered.
(1) Purpose of registering login user IDs
The purpose of registering the user IDs of users who log in to the integrated user management session is as follows:
- It enables the login modules to determine whether users have logged in to the integrated user management session by checking the <ua:notLogin> tag in the JSP tag library. In addition, specifying a realm name enables them to determine whether users have logged in to that realm.
(2) Conditions in which to register login user IDs
The Cosminexus standard login modules that have the authentication mechanism automatically register the user IDs of users who log into the integrated user management session.
Custom login modules register the user IDs of users in the integrated user management session if they satisfy both of the following conditions:
- In the custom login module implementation, the Principal object is associated with the Subject by the commit method.
- WebSSOHandler, provided by the integrated user management framework, is set as the LoginContext class constructor argument.
When multiple login modules are invoked in one call, the user IDs are not registered until a user logs in by using the Cosminexus standard login module that has the authentication mechanism or a login module that satisfies the above conditions. When no users use such modules to log in, the user IDs are not registered in the integrated user management session.
(3) Contents registered in the integrated user management session
Realm names, user IDs, and login times are registered in the integrated user management session.
- Realm name
  This is set to the value specified by com.cosminexus.admin.auth.realm in jaas.conf (the JAAS configuration file). A null character is assigned when this option is omitted. com.cosminexus.admin.auth.realm must always be specified unless DelegationLoginModule is used.
- User ID
  This is set to the user ID in the Principal object initially requested by the Subject after each login module's commit method is invoked (the result returned by the getName method).
- Login time
  This is set to the time when a user logs in and the user ID is registered in the integrated user management session. The login time is registered per user.
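The following added example (not taken from the Cosminexus manual or product code) shows a custom login module that meets the first condition in (2): its commit method associates the Principal with the Subject, and the value its getName method returns is the user ID described in (3). The class names SampleLoginModule and UserPrincipal, the user "alice" and the secret are constructed for illustration; the second condition, passing WebSSOHandler to the LoginContext constructor, is satisfied by the calling application and is not shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical custom login module; names and credentials are constructed.
public class SampleLoginModule implements LoginModule {
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }   // value used as the user ID
    }
    private Subject subject;
    private CallbackHandler handler;
    private Principal pending;   // set by login(), attached to the Subject by commit()

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user ID");
        PasswordCallback pc = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException(e.toString());
        }
        char[] pw = pc.getPassword();
        // Constructed check; a real module would consult its user repository.
        boolean ok = "alice".equals(nc.getName()) && pw != null && MessageDigest.isEqual(
            new String(pw).getBytes(StandardCharsets.UTF_8),
            "constructed-secret".getBytes(StandardCharsets.UTF_8));
        pc.clearPassword();
        if (!ok) throw new FailedLoginException("authentication failed");
        pending = new UserPrincipal(nc.getName());
        return true;
    }
    public boolean commit() {
        if (pending == null) return false;      // login() did not succeed: nothing to publish
        subject.getPrincipals().add(pending);   // condition 1: Principal associated in commit()
        return true;
    }
    public boolean abort() { pending = null; return true; }
    public boolean logout() {
        if (pending != null) subject.getPrincipals().remove(pending);
        pending = null; return true;
    }
}
```

Because the Principal is added only in commit and only after login has succeeded, a failed authentication leaves the Subject without a Principal.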