LoginControl DataObject
LoginControl enables multiple principal name authentication.
LoginControl extends from SearchControl.
The structure of a LoginControl data object consists of:
- properties: specifies the properties you want returned from the principal entity that has been successfully authenticated.
- searchBases: specifies the search bases used to limit the authentication scope to the bases in the list.
- mappedProperties: specifies the principal names that are mapped to existing virtual member manager properties. Authenticating multiple principal names against one account lets a SimpleLDAPAccount remain backward compatible with the WebSphere Application Server LDAPRegistry implementation. For example, if you specify mail and employeeId in mappedProperties, virtual member manager constructs a filter that searches on both properties:
  (&(|(mail=<principalName value>)(employeeId=<principalName value>))(objectclass=inetOrgPerson))
XML schema definition
The following is the XML schema definition for the LoginControl DataObject:
<xsd:complexType name="LoginControl">
<xsd:complexContent>
<xsd:extension base="SearchControl">
<xsd:sequence>
<xsd:element name="mappedProperties" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
Sample data object
The following is a sample LoginControl data object used in the login API. It requests authentication using the mail and employeeId properties, limits the scope to ou=department1,dc=yourco,dc=com, and, if authentication succeeds, returns the uid, cn, and principalName properties of the person.
<wim:controls xsi:type="wim:LoginControl">
<wim:mappedProperties>mail</wim:mappedProperties>
<wim:mappedProperties>employeeId</wim:mappedProperties>
<wim:searchBases>ou=department1,dc=yourco,dc=com</wim:searchBases>
<wim:properties>uid</wim:properties>
<wim:properties>cn</wim:properties>
<wim:properties>principalName</wim:properties>
</wim:controls>
Note: If you define multiple login properties, the first login property is programmatically mapped to the federated repositories principalName property. For example, if you set uid;mail as the login properties, the LDAP attribute uid is mapped to principalName. After login, the value of the first login property is returned as principalName. For example, if you pass the principalName value joe@yourco.com and the login properties are configured as uid;mail, the principalName returned is the uid of the matched account, joe.
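The following Python example is added here to illustrate both the mappedProperties filter construction described above and the note on login properties; it is not code from virtual member manager or WebSphere Application Server. It builds the same (&(|(p1=v)(p2=v))(objectclass=...)) filter shape for a list of mapped properties, splits a semicolon-separated login property list such as uid;mail, and resolves the principalName returned after login as the value of the first login property. The directory entries, the helper names (escape_filter_value, build_login_filter, resolve_principal) and the RFC 4515 escaping of the principalName value are assumptions of this example: the page does not say how virtual member manager escapes the value it places in the filter, so the example escapes it itself, which is the check a practitioner would want before any user-supplied name reaches an LDAP filter.

```python
# Added example (not virtual member manager code). Assumed names and sample
# data throughout; see the comments marked "assumption".

# RFC 4515 escaping for values placed inside an LDAP search filter.
# Assumption: the page does not state how the product escapes the
# principalName value, so this example escapes it explicitly.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value per RFC 4515 so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_login_properties(login_properties: str) -> list[str]:
    """Split a semicolon-separated login property list such as 'uid;mail'."""
    props = [p.strip() for p in login_properties.split(";") if p.strip()]
    if not props:
        raise ValueError("at least one login property is required")
    return props


def build_login_filter(mapped_properties: list[str], principal_name: str,
                       object_class: str = "inetOrgPerson") -> str:
    """Build the filter described on the page for a list of mappedProperties.

    One mapped property:   (&(mail=<v>)(objectclass=inetOrgPerson))
    Several:               (&(|(mail=<v>)(employeeId=<v>))(objectclass=inetOrgPerson))
    The principalName value is escaped before it is placed in the filter.
    """
    if not mapped_properties:
        raise ValueError("at least one mapped property is required")
    value = escape_filter_value(principal_name)
    clauses = "".join(f"({p}={value})" for p in mapped_properties)
    if len(mapped_properties) > 1:
        clauses = f"(|{clauses})"  # OR across all mapped properties
    return f"(&{clauses}(objectclass={object_class}))"


# Constructed sample entries standing in for LDAP search results (assumption).
SAMPLE_DIRECTORY = [
    {"uid": "joe", "cn": "Joe Smith", "mail": "joe@yourco.com",
     "employeeId": "1001", "objectclass": "inetOrgPerson"},
    {"uid": "ann", "cn": "Ann Lee", "mail": "ann@yourco.com",
     "employeeId": "1002", "objectclass": "inetOrgPerson"},
]


def resolve_principal(login_properties: str, principal_name: str,
                      requested_properties: list[str],
                      directory=SAMPLE_DIRECTORY):
    """Look up the account for principal_name and return the requested properties.

    Mirrors the page's note: the first login property supplies the value
    returned as principalName. Returns None when no account or more than one
    account matches, so an ambiguous name never authenticates as the wrong user.
    """
    props = parse_login_properties(login_properties)
    # Equality here is exact string equality, which is what the (prop=value)
    # clauses mean once the value has been escaped as a literal.
    hits = [e for e in directory if any(e.get(p) == principal_name for p in props)]
    if len(hits) != 1:
        return None
    entry = hits[0]
    result = {}
    for p in requested_properties:
        if p == "principalName":
            result[p] = entry[props[0]]  # first login property -> principalName
        else:
            result[p] = entry.get(p)
    return result


if __name__ == "__main__":
    print(build_login_filter(["mail", "employeeId"], "joe@yourco.com"))
    # An injection attempt stays a literal value once escaped:
    print(build_login_filter(["uid", "mail"], "*)(uid=*"))
    print(resolve_principal("uid;mail", "joe@yourco.com", ["uid", "cn", "principalName"]))
```

Run with any Python 3.9 or later interpreter. The second print shows why the escaping matters: without it, a principalName of `*)(uid=*` would turn the OR clause into a wildcard that matches every account; with it, the filter only matches an account whose attribute literally contains those characters.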