Authentication is performed by a JAAS login module. It is configured in the application server and is invoked automatically by the application server as part of the authentication process for any access to the IBM Cúram Social Program Managementapplication. The advantage to this approach is that the default authentication mechanism can be used with, or replaced by, a custom approach, without affecting the IBM Cúram Social Program Managementapplication.
As mentioned earlier, the Cúram JAAS login module can be configured to operate in three modes. For more information on the configuration of the login modules and any application server specific behavior, the section on Application Server Configuration within the Cúram Server Deployment Guide for the application server being used should be consulted for further details.
Project specific requirements may mean that more than one login module is needed, e.g., a user may be required to enter more than the username and password for verification purposes. It is possible to configure multiple login modules in the application server. Each login module will be executed in the order as determined by the settings in the application server. For more information on these settings, the WebSphere® or WebLogic Server documentation should be consulted.
Once the user is successfully authenticated by all login modules that require successful authentication of the user (this is configurable in the application server), the user is considered authenticated by the application.