5.6.2 Invocation of custom login modules

Custom login modules can be invoked by either of the following Cosminexus standard login modules: DelegationLoginModule or WebSSOLoginModule.

• DelegationLoginModule

  This is used when single sign-on is not used.

• WebSSOLoginModule

  This is used when single sign-on is used.

By invoking the custom login module from the Cosminexus standard login module, the user can join the login session managed in integrated user management. This session is different from the Web container-managed session. To learn more about the integrated user management sessions, see 5.4 Sessions managed in integrated user management.

Custom login modules are invoked by either DelegationLoginModule or WebSSOLoginModule. When the user is successfully authenticated by the custom login module invoked by either of these login modules, he or she automatically joins the integrated user management session. The user ID needed to register the integrated user management session is obtained from the Principal object associated to Subject.

To use single sign-on, WebSSOLoginModule is used when the custom login module is invoked for the second time, the user ID that is obtained during the first join to the integrated user management session is used to obtain the necessary authentication information from the single sign-on information repository, and the information is passed to the custom login module. When the information stored in the repository is encrypted, it is decrypted before being passed to the custom login module.

To learn more about implementing custom login modules, see 5.12 Implementation of custom login module-based user authentication.

To Page Top