6 Replies Latest reply on Nov 22, 2005 11:55 AM by starksm64

    Weblogic IdentityAssertor

    vshriram

      I was wondering if JBoss has a feature similar to Weblogic's Identity Assertor. Basically the idea is to integrate with another system and i want to read some values off the http header and do some custom login.

      Using weblogic's identity assertor it is pretty straightforward. Is there any sort of equivalent with JBoss?? Is there any way i can read http header/servlet request values in my custom JAAS LoginModule or do i neccessarily have to use a custom tomcat valve?

        • 1. Re: Weblogic IdentityAssertor
          starksm64

          You'll have to describe the behavior of the Identity Assertor in more detail, but its likely going to require a custom valve or authenticator.

          • 2. Re: Weblogic IdentityAssertor
            vshriram

            This is how the identity assertor provider works.
            --
            Identity assertion involves establishing a client?s identity using client-supplied tokens that may exist outside of the request. Thus, the function of an Identity Assertion provider is to validate and map a token to a username. Once this mapping is complete, an Authentication provider?s
            LoginModule can be used to convert the username to principals.

            Identity Assertion providers allow WebLogic Server to establish trust by validating a user. An Identity Assertion provider is a specific form of Authentication provider that allows users or system processes to assert their identity using tokens (in other words, perimeter authentication).
            You can use an Identity Assertion provider in place of an Authentication provider if you create a LoginModule for the Identity Assertion provider, or in addition to an Authentication provider if you want to use the Authentication provider?s LoginModule. Identity Assertion providers enable
            perimeter authentication and support single sign-on.
            --
            So basically it picks up a token set by an external system and does perimeter authentication. I was wondering if there was anything similiar to that, in JBoss??

            • 3. Re: Weblogic IdentityAssertor
              starksm64

              No, but it can be implemented using either a tomcat valve.

              • 4. Re: Weblogic IdentityAssertor
                awclemen

                When the valve is used, does it call the LoginModule with the data it has received or does the valve place the data somewhere for the LoginModule to pick up and use?

                • 5. Re: Weblogic IdentityAssertor
                  awclemen

                  Allow me to pose the question differently. How does the valve comminucate with the LoginContext? From reading the manual, it seems that the valve would create a CallbackHandler from the authentication token. Then it would instatiate a LoginContext and send the CallbackHandler to the LoginContext object. It then exits the valve and does it's work at the server. Is this correct? Is another valve need to logout after the work at the server is finished?

                  • 6. Re: Weblogic IdentityAssertor
                    starksm64

                    It could, but more likely the valve just passes the info into a similar authenticator in terms of the identity and proof of identity to trigger the login module through the Realm associated with the web container. You should look at the existing standard web authentication valves to understand how things tie together. Start with the org.apache.catalina.authenticator.BasicAuthenticator for the BASIC authentication mechanism.