5.12.1 Implementation for integration with Cosminexus standard login modules
JAAS allows you to invoke multiple authentication modules sequentially in a single authentication. These authentication modules pass information to one another through the Map object (sharedState) that is passed as the third parameter of the initialize method of the LoginModule interface. This section describes the information that each of the Cosminexus standard login modules adds to sharedState. Note that DelegationLoginModule and WebPasswordJDBCLoginModule do not add information.
(1) WebPasswordLoginModule, WebCertificateLoginModule, and WebPasswordLDAPLoginModule
WebPasswordLoginModule, WebCertificateLoginModule, and WebPasswordLDAPLoginModule add the following information to sharedState before invoking the next LoginModule.
- Key: com.cosminexus.admin.auth.userattributes
  Value type: UserAttributes
  Description: References the UserAttributes object, which stores the user attributes associated with the Subject.
  Setup timing: Just before the end of the commit method
(2) WebSSOLoginModule
If the user has already been authenticated in one session, WebSSOLoginModule obtains the information used for authentication in other realms from the user mapping and adds the following information to sharedState before invoking custom login modules. No information is added when the user has not been authenticated in the session or when there is no authentication information in the user mapping.
- Key: com.cosminexus.admin.auth.sso.userid
  Value type: String
  Description: The value defined in USERID of the user mapping
  Setup timing: Just before invoking the login method of the custom login module
- Key: com.cosminexus.admin.auth.sso.secdat
  Value type: String
  Description: The value defined in SECRETDATA of the user mapping; the value is decrypted before being stored in sharedState.
  Setup timing: Just before invoking the login method of the custom login module
- Key: com.cosminexus.admin.auth.sso.pubdat
  Value type: String
  Description: The value defined in PUBLICDATA of the user mapping
  Setup timing: Just before invoking the login method of the custom login module
The above keys can be changed in the configuration file of the integrated user management framework. If a custom login module exists and can obtain authentication information from sharedState, the keys can be tailored to the custom login module specifications. For details about the configuration file settings, see 14.2.1 jaas.conf (JAAS configuration file).
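The following added example (not Cosminexus product code) sketches a base class for a custom login module that runs after WebSSOLoginModule and reads the three keys listed above from sharedState. The class name SsoSharedStateLoginModule and the authenticate method are hypothetical; the key constants are the defaults from this section and must match whatever is set in the configuration file.

```java
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical base class: a concrete subclass supplies the realm-specific check.
public abstract class SsoSharedStateLoginModule implements LoginModule {
    // Default sharedState keys from this section (changeable in the configuration file).
    static final String KEY_USERID = "com.cosminexus.admin.auth.sso.userid";
    static final String KEY_SECDAT = "com.cosminexus.admin.auth.sso.secdat";
    static final String KEY_PUBDAT = "com.cosminexus.admin.auth.sso.pubdat";

    private Map<String, ?> sharedState;
    private boolean succeeded;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.sharedState = sharedState; // third parameter carries the hand-off
    }

    @Override
    public boolean login() throws LoginException {
        Object userId = sharedState.get(KEY_USERID);
        Object secret = sharedState.get(KEY_SECDAT);
        Object pub = sharedState.get(KEY_PUBDAT);
        // No entries exist when there is no authenticated session or no mapping data.
        if (!(userId instanceof String) || !(secret instanceof String)) {
            return false; // JAAS treats this module as ignored
        }
        // SECRETDATA arrives already decrypted: never log it or copy it into messages.
        char[] secretChars = ((String) secret).toCharArray();
        try {
            String publicData = (pub instanceof String) ? (String) pub : null;
            if (!authenticate((String) userId, secretChars, publicData)) {
                throw new FailedLoginException("mapped credentials rejected");
            }
            succeeded = true;
            return true;
        } finally {
            Arrays.fill(secretChars, '\0'); // wipe this module's working copy
        }
    }

    // Hypothetical hook: verify the mapped credentials against the target realm.
    protected abstract boolean authenticate(String userId, char[] secret, String publicData)
            throws LoginException;

    @Override public boolean commit() { return succeeded; }
    @Override public boolean abort() { succeeded = false; return true; }
    @Override public boolean logout() { succeeded = false; return true; }
}
```

Because the decrypted SECRETDATA value remains in sharedState as a String for the rest of the login sequence, every login module configured after WebSSOLoginModule can read it, so the module stack in jaas.conf should contain only trusted modules.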