This section contains the following topics:
Configuration of All Custom Classes
Custom Java Classes for Authentication and Authorization
Custom Authentication Scheme Creation Uisng Java
The following configuration information applies to all custom authentication schemes and active expressions implemented with the Java Authentication API and Java Authorization API:
com.myorg.sdk.myclass
When SiteMinder calls the methods in an instance of your custom class, it passes the specified parameters. The class name is not passed. The parameters are passed as a single string. If the string contains multiple parameters, the parameters can be delimited in any way that the custom class requires.
The basic steps for implementing and deploying custom authentication or authorization classes are as follows:
All custom authentication and authorization classes use the same library file—smjavaapi. This library file is included with the Policy Server. You do not have to modify this library file. You simply reference it when you are configuring your custom authentication or authorization class.
Custom authentication and authorization objects may sometimes need to communicate request-specific information between themselves, such as to preserve state between object instances. These objects can share information through AppSpecificContext, which is retrieved through ApiContext. ApiContext is one of the common classes that is passed to both authentication and authorization objects.
Information shared through AppSpecificContext has request-only scope. For example, a custom object running in the context of an authentication request cannot exchange information with an object running in the context of an authorization request.
The following classes are used by both the Authentication API and the Authorization API. The services that these classes provide include:
The following table summarizes the common classes:
Class |
Description |
---|---|
APIContext |
Allows logging, tracing, and error messages to be sent to the Policy Server. |
AppSpecificContext |
Provides methods that allow custom authentication and authorization objects to share information. |
SmJavaApiException |
Provides exception functionality to custom authentication and authorization objects. |
UserContext |
Allows a custom object to set and retrieve information about a user in a user directory. The information includes user attributes and directory attributes associated with the user. The methods for setting and retrieving user directory attributes are available only if isUserContext() returns true. |
Copyright © 2014 CA.
All rights reserved.
|
|