Here is a list of deprecated login modules that are no longer used in Security Infrastructure.
This is a Login Module for retrieving user roles. It is responsible for the following operations:
Authenticating a user with supplied credentials against CentraSite Server (Registry/Repository).
Selecting the roles that are assigned to the authenticated Principal from an XML server.
Adding these roles to the Subject.
With the CentraSiteServerLoginModule you can retrieve role information from the CentraSite Server. It creates the corresponding RolePrincipal objects and adds them to the Subject. The CentraSiteServerLoginModule requires a user name and a password for authentication. It also supports the usage of both an IAF token and an IAF artifact. The IAF artifact must be presented in the SagCredentials object as a password, in the corresponding field.
Set sin-common.jar, sin-xmlserver.jar, and the Tamino API for Java (TaminoAPI4J) in the classpath.
Note: You must have a running CentraSite Server to be able to use the CentraSiteServerLoginModule.
Check the list with the parameters' description in the following table:
Parameter | Description | Default Value | Possible Values | Mandatory |
---|---|---|---|---|
xmlserver_url | The URL pointing to the CentraSite Server. | None | Any valid URL | Yes |
useIAF | If the IAF artifact is present in the If set to "false", user name and password will be used for authentication against the XML server. | The default value is "true". | true, false | No |
usePasswordForIAF | This parameter gets the IAF artifact from the password field. Note: | The default value is "false". | true, false | No |
Check the next task for the prerequisites to the secure communication between CentraSiteServerLoginModule and the application server.
The communication between the CentraSiteServerLoginModule and CentraSite server works via HTTPS. Following are prerequisites for the usage of HTTPS if the calling program and the CentraSite server are not located on the same physical system:
Set up the CentraSite Apache web server to provide an HTTPS port (set up mod_ssl).
The installed server certificate that is to be used by the Apache web server must have the same server name as the subject Distinguished Name (DN). For example, for a server that is accessed via https://myserver.abc.com:53443, the Subject DN has to be myserver.abc.com.
The xmlserver_url has to point to this HTTPS port.
There has to be a trust anchor for the client to verify the server certificate. To do this, the certificate of the issuer of the server certificate must be known to the client application.
One way of doing this is to import the certificate of the issuer into the cacerts file. This file is located in the jre/lib/security directory of the Java installation that is used for the client program.
Another way is to set your own trust store and add to it all trusted certificates.
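
The server-name and trust-anchor prerequisites above can be checked on the client before the login module is configured. The following script is an added example, not part of the original documentation; the file names, the alias centrasite-issuer, the TRUSTSTORE_PASS variable and the function names are assumptions, and it needs openssl and keytool on the PATH.

```shell
#!/bin/sh
# Added example: pre-flight checks for the HTTPS prerequisites listed above.
# File names, alias and function names are assumptions for illustration.

# Create a throwaway issuer and a server certificate for a host name.
# Constructed sample input; a real check uses the CentraSite server's files.
make_sample_certs() {  # $1=directory  $2=host name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/issuer.key" -out "$1/issuer.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/issuer.pem" \
        -CAkey "$1/issuer.key" -CAcreateserial -days 1 \
        -out "$1/server.pem" 2>/dev/null
}

# Print the host part of an xmlserver_url; fail unless the scheme is https.
url_host() {  # $1=xmlserver_url
    case "$1" in https://*) ;; *) return 1 ;; esac
    h=${1#https://}; h=${h%%/*}
    printf '%s\n' "${h%%:*}"
}

# Succeed only if the server certificate chains to the issuer certificate
# and is valid for the host name used in xmlserver_url.
check_server_cert() {  # $1=issuer.pem  $2=server.pem  $3=xmlserver_url
    host=$(url_host "$3") || return 1
    out=$(openssl verify -CAfile "$1" -verify_hostname "$host" "$2" 2>&1) || return 1
    case "$out" in *": OK"*) return 0 ;; *) return 1 ;; esac
}

# Import the issuer certificate into a trust store of your own.
# The store password is read from the environment variable TRUSTSTORE_PASS
# so that it does not appear on the command line.
build_truststore() {  # $1=issuer.pem  $2=trust store file
    keytool -importcert -noprompt -alias centrasite-issuer -file "$1" \
        -keystore "$2" -storepass:env TRUSTSTORE_PASS
}
```

To use a trust store built this way, start the client JVM with the javax.net.ssl.trustStore system property pointing at that file.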