Configure SiteMinder Agent Authenticators For All Web Applications on JBoss 4.x

To configure the SiteMinder Agent Authenticators to handle all JBoss web application requests, replace the default JBossSX authenticator methods with the SiteMinder Agent Authenticator methods in the JBoss core authentication services definition.

The JBoss core authentication services are defined in the jboss-service.xml configuration file, which is located in the following directory:

server/server_name/deploy/jboss-web.deployer/META-INF/

Note: The SiteMinder Agent Authenticator methods extend the default authenticator methods; the default authenticator functionality is still available for requests without valid SiteMinder session cookies.

To Configure SiteMinder Agent Authenticators at the global level

  1. Navigate to server/server_name/deploy/jboss-web.deployer/META-INF/.
  2. Open the jboss-service.xml file in a text editor.
  3. Locate the <attribute name="Authenticators" ...> element definition section.
  4. Edit the java:value element in the java:property element definitions for BASIC, FORM, CLIENT-CERT, and DIGEST authentication, replacing the default authenticator methods with the corresponding SiteMinder Agent Authenticator methods as required.

    To configure the SMJBossBasicAuthenticator, edit the java:property element for BASIC authentication as follows:

    <java:property>
      <java:key>BASIC</java:key>
      <java:value>
      com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossBasicAuthenticator
      </java:value>
    </java:property>
    

    To configure the SMJBossFormAuthenticator, edit the java:property element for FORM authentication as follows:

    <java:property>
      <java:key>FORM</java:key>
      <java:value>
      com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossFormAuthenticator
      </java:value>
    </java:property>
    

    To configure the SMJBossClientCertAuthenticator, edit the java:property element for CLIENT-CERT authentication as follows:

    <java:property>
      <java:key>CLIENT-CERT</java:key>
      <java:value>
      com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossClientCertAuthenticator
      </java:value>
    </java:property>
    

    To configure the SMJBossDigestAuthenticator, edit the java:property element for DIGEST authentication as follows:

    <java:property>
      <java:key>DIGEST</java:key>
      <java:value>
      com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossDigestAuthenticator
      </java:value>
    </java:property>
    

    If you do not want the default authentication behavior to occur when SiteMinder session cookie validation fails, configure the SMJBossIdentityAsserter in place of any authenticator. For example, to configure the SMJBossIdentityAsserter so that default Digest authentication does not occur if SiteMinder identity assertion fails, edit the java:property element for DIGEST as follows:

    <java:property>
      <java:key>DIGEST</java:key>
      <java:value>
      com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossIdentityAsserter
      </java:value>
    </java:property>
    
  5. Save the file and exit the text editor.

The SiteMinder Agent Authenticators are now configured as the default authenticators for all security-enabled web applications. The authenticator configured for the authentication method defined in a web application's deployment descriptor handles requests for that application, unless an authenticator is configured individually for that application.

Example jboss-service.xml

The following is an example <attribute name="Authenticators" ...> element definition section with all SiteMinder Agent Authenticators configured.

<attribute name="Authenticators" serialDataType="jbxb">
  <java:properties xmlns:java="urn:jboss:java-properties"
   xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
   xs:schemaLocation="urn:jboss:java-properties resource:java-properties_1_0.xsd">

    <java:property>
      <java:key>BASIC</java:key>
      <java:value>
      com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossBasicAuthenticator
      </java:value>
    </java:property>

    <java:property>
      <java:key>FORM</java:key>
      <java:value>
      com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossFormAuthenticator
      </java:value>
    </java:property>

    <java:property>
      <java:key>CLIENT-CERT</java:key>
      <java:value>
      com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossClientCertAuthenticator
      </java:value>
    </java:property>

    <java:property>
      <java:key>DIGEST</java:key>
      <java:value>
      com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossDigestAuthenticator
      </java:value>
    </java:property>

    <java:property>
      <java:key>NONE</java:key>
      <java:value>
      org.apache.catalina.authenticator.NonLoginAuthenticator
      </java:value>
    </java:property>
  </java:properties>
</attribute>
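
The following check is an added example, not part of the product documentation or the SiteMinder agent itself. It parses a jboss-service.xml and reports, for each authentication method, whether the mapped class is the SMJBossIdentityAsserter (no default authentication on failure), another SiteMinder authenticator (default authentication still available), or a non-SiteMinder class. The function name, status labels, and sample file are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"java": "urn:jboss:java-properties"}
SM_PKG = "com.ca.soa.agent.appserver.authenticator.jBoss."  # package shown on this page
ASSERTER = SM_PKG + "SMJBossIdentityAsserter"

def audit_authenticators(xml_text):
    """Return {auth_method: (class_name, status)} for the Authenticators attribute."""
    root = ET.fromstring(xml_text)
    result = {}
    for attr in root.iter("attribute"):  # iter() also yields the root element
        if attr.get("name") != "Authenticators":
            continue
        for prop in attr.iterfind(".//java:property", NS):
            # Class names sit on their own line inside java:value, so strip whitespace.
            key = prop.findtext("java:key", "", NS).strip()
            cls = prop.findtext("java:value", "", NS).strip()
            if cls == ASSERTER:
                status = "siteminder-only"           # no default auth on failure
            elif cls.startswith(SM_PKG):
                status = "siteminder-with-fallback"  # default auth still reachable
            else:
                status = "not-siteminder"            # request never reaches the agent
            result[key] = (cls, status)
    return result

# Constructed sample for illustration; not taken from a real deployment.
SAMPLE = """<server><mbean>
<attribute name="Authenticators" serialDataType="jbxb">
  <java:properties xmlns:java="urn:jboss:java-properties">
    <java:property><java:key>BASIC</java:key><java:value>
      com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossBasicAuthenticator
    </java:value></java:property>
    <java:property><java:key>DIGEST</java:key><java:value>
      com.ca.soa.agent.appserver.authenticator.jBoss.SMJBossIdentityAsserter
    </java:value></java:property>
    <java:property><java:key>FORM</java:key><java:value>
      org.apache.catalina.authenticator.FormAuthenticator
    </java:value></java:property>
  </java:properties>
</attribute>
</mbean></server>"""

if __name__ == "__main__":
    for method, (cls, status) in sorted(audit_authenticators(SAMPLE).items()):
        print(f"{method:12} {status:26} {cls}")
```

Entries reported as not-siteminder are methods where the edit in step 4 was missed; entries reported as siteminder-with-fallback are worth reviewing if the intent is that only SiteMinder sessions are accepted.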