-
1. Re: Weblogic IdentityAssertor
starksm64 Dec 14, 2004 1:12 AM (in response to vshriram)
You'll have to describe the behavior of the Identity Assertor in more detail, but it's likely going to require a custom valve or authenticator.
-
2. Re: Weblogic IdentityAssertor
vshriram Dec 14, 2004 4:14 AM (in response to vshriram)
This is how the identity assertor provider works.
--
Identity assertion involves establishing a client's identity using client-supplied tokens that may exist outside of the request. Thus, the function of an Identity Assertion provider is to validate and map a token to a username. Once this mapping is complete, an Authentication provider's LoginModule can be used to convert the username to principals.
Identity Assertion providers allow WebLogic Server to establish trust by validating a user. An Identity Assertion provider is a specific form of Authentication provider that allows users or system processes to assert their identity using tokens (in other words, perimeter authentication).
You can use an Identity Assertion provider in place of an Authentication provider if you create a LoginModule for the Identity Assertion provider, or in addition to an Authentication provider if you want to use the Authentication provider's LoginModule. Identity Assertion providers enable perimeter authentication and support single sign-on.
--
So basically it picks up a token set by an external system and does perimeter authentication. I was wondering if there was anything similar to that in JBoss?
-
3. Re: Weblogic IdentityAssertor
starksm64 Dec 16, 2004 1:54 PM (in response to vshriram)
No, but it can be implemented using a Tomcat valve.
-
4. Re: Weblogic IdentityAssertor
awclemen Nov 21, 2005 4:43 PM (in response to vshriram)
When the valve is used, does it call the LoginModule with the data it has received or does the valve place the data somewhere for the LoginModule to pick up and use?
-
5. Re: Weblogic IdentityAssertor
awclemen Nov 21, 2005 6:00 PM (in response to vshriram)
Allow me to pose the question differently. How does the valve communicate with the LoginContext? From reading the manual, it seems that the valve would create a CallbackHandler from the authentication token. Then it would instantiate a LoginContext and send the CallbackHandler to the LoginContext object. It then exits the valve and does its work at the server. Is this correct? Is another valve needed to log out after the work at the server is finished?
-
6. Re: Weblogic IdentityAssertor
starksm64 Nov 22, 2005 11:55 AM (in response to vshriram)
It could, but more likely the valve just passes the info into a similar authenticator in terms of the identity and proof of identity to trigger the login module through the Realm associated with the web container. You should look at the existing standard web authentication valves to understand how things tie together. Start with the org.apache.catalina.authenticator.BasicAuthenticator for the BASIC authentication mechanism.
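
A sketch of the approach described in the last reply, added here as an example and not code from any poster or from JBoss: an authenticator valve modelled on BasicAuthenticator that hands the asserted identity and its proof to the Realm, which in turn drives the configured login module. It assumes the Tomcat 9 `AuthenticatorBase` API (`javax.servlet`); the class name, header names and auth-method string are hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;

/** Hypothetical perimeter-token authenticator; register it as a Valve on the web application's Context. */
public class TokenAssertionAuthenticator extends AuthenticatorBase {

    // Hypothetical header names written by the external (perimeter) system.
    private static final String USER_HEADER = "X-Asserted-User";
    private static final String TOKEN_HEADER = "X-Asserted-Token";

    @Override
    protected boolean doAuthenticate(Request request, HttpServletResponse response)
            throws IOException {
        // Same first step as BasicAuthenticator: reuse a principal already
        // bound to this session or SSO entry instead of logging in again.
        if (checkForCachedAuthentication(request, response, true)) {
            return true;
        }

        String user = request.getHeader(USER_HEADER);
        String token = request.getHeader(TOKEN_HEADER);
        if (user == null || user.isEmpty() || token == null || token.isEmpty()) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        // Identity plus proof of identity go to the Realm, exactly where BASIC
        // passes username and password. The valve does not decide trust itself:
        // headers are client-controlled unless the perimeter strips them, so the
        // login module behind the Realm must verify the token (signature, expiry,
        // binding to the user name) and reject a bare user name.
        Principal principal = context.getRealm().authenticate(user, token);
        if (principal == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        // Bind the principal to the request (and to the session/SSO cache).
        // The token is deliberately not cached as a password.
        register(request, response, principal, getAuthMethod(), user, null);
        return true;
    }

    @Override
    protected String getAuthMethod() {
        return "TOKEN-ASSERTION"; // hypothetical auth-method label
    }
}
```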