Hitachi

uCosminexus Application Server Security Management Guide


5.12.1 Implementation for integration with Cosminexus standard login modules

JAAS allows you to invoke multiple authentication modules sequentially in a single authentication. These authentication modules pass information to one another through the Map object (sharedState) that is passed as the third parameter of the initialize method of the LoginModule interface. This section describes the information that each of the Cosminexus standard login modules adds to sharedState. Note that DelegationLoginModule and WebPasswordJDBCLoginModule do not add information.


(1) WebPasswordLoginModule, WebCertificateLoginModule, and WebPasswordLDAPLoginModule

WebPasswordLoginModule, WebCertificateLoginModule, and WebPasswordLDAPLoginModule add the following information to sharedState before invoking the next LoginModule.

Key: com.cosminexus.admin.auth.userattributes

Value type: UserAttributes

Description: References the UserAttributes object, which stores the user attributes associated with the Subject.

Setup timing: Just before the end of the commit method

(2) WebSSOLoginModule

If the user has already been authenticated in one session, WebSSOLoginModule obtains the information used for authentication in other realms from the user mapping and adds the following information to sharedState before invoking custom login modules. No information is added when the user has not been authenticated in the session or when there is no authentication information in the user mapping.

Key: com.cosminexus.admin.auth.sso.userid

Value type: String

Description: The value defined in USERID of the user mapping

Setup timing: Just before invoking the login method of the custom login module

Key: com.cosminexus.admin.auth.sso.secdat

Value type: String

Description: The value defined in SECRETDATA of the user mapping; the value is decrypted before being stored in sharedState.

Setup timing: Just before invoking the login method of the custom login module

Key: com.cosminexus.admin.auth.sso.pubdat

Value type: String

Description: The value defined in PUBLICDATA of the user mapping

Setup timing: Just before invoking the login method of the custom login module

The above keys can be changed in the configuration file of the integrated user management framework. If a custom login module exists and can obtain authentication information from sharedState, the keys can be tailored to the custom login module specifications. For details about the configuration file settings, see 14.2.1 jaas.conf (JAAS configuration file).
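The following is an added example, not code from Hitachi or from this guide: a sketch of a custom login module that runs after WebSSOLoginModule and reads the mapped user ID and the decrypted SECRETDATA from sharedState. The class name SsoMappedLoginModule and the authenticate method are hypothetical, and the default key names listed above are assumed to be unchanged in the configuration file.

```java
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical custom login module (added example), invoked after WebSSOLoginModule.
public abstract class SsoMappedLoginModule implements LoginModule {
    // Default sharedState keys from this section; keep in sync if they are changed in jaas.conf.
    private static final String KEY_USERID = "com.cosminexus.admin.auth.sso.userid";
    private static final String KEY_SECDAT = "com.cosminexus.admin.auth.sso.secdat";

    private Map<String, ?> sharedState;
    private boolean succeeded;

    /** Realm-specific credential check, supplied by the subclass (hypothetical hook). */
    protected abstract boolean authenticate(String userId, char[] secret) throws LoginException;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.sharedState = sharedState; // third parameter: data handed over by earlier modules
    }

    @Override
    public boolean login() throws LoginException {
        Object id = sharedState.get(KEY_USERID);
        Object sec = sharedState.get(KEY_SECDAT);
        // Both entries are absent if the session is unauthenticated or the user mapping is empty.
        if (!(id instanceof String) || !(sec instanceof String)) {
            throw new FailedLoginException("no SSO user mapping in sharedState");
        }
        char[] secret = ((String) sec).toCharArray(); // plaintext here: never log it
        try {
            succeeded = authenticate((String) id, secret);
        } finally {
            Arrays.fill(secret, '\0'); // wipes our copy only; the String in sharedState remains
        }
        if (!succeeded) throw new FailedLoginException("mapped credentials rejected");
        return true;
    }

    @Override public boolean commit() { return succeeded; }
    @Override public boolean abort()  { boolean was = succeeded; succeeded = false; return was; }
    @Override public boolean logout() { succeeded = false; return true; }
}
```

Because the SECRETDATA value is already decrypted when it reaches sharedState, every module placed later in the same login configuration can read it, so only trusted modules should be configured after WebSSOLoginModule.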