Using the Java Authentication and Authorization Service (JAAS) login framework, you can create a JAAS login configuration that can be used to perform login to an identity assertion.
Before you begin
You can allow an application or system provider to perform an identity assertion with trust validation. To do this, you use the JAAS login framework, where trust validation is accomplished in one login module and credential creation is accomplished in another module. The two custom login modules allow you to create a JAAS login configuration that can be used to perform a login to an identity assertion.

com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.state (which consists of)
    com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.trusted (which is set to true if trusted and false if not trusted)
    com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.principal (which contains the principal of the identity)
    com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.certificates (which contains the certificate of the identity)

    com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.trusted (which when true indicates trusted and false when not trusted)
    com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.principal (which contains the principal of the identity to login, if using a principal)
    com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.certificates (which contains an array of a certificate chain that contains the identity to login, if using a certificate)
A "WSLoginFailedException" is returned if the state, trust, or identity information is missing. The login module then performs a login of the identity, and the subject will contain the new identity.
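The following trust-validation login module is an added example, not code from the original page or from the product; it shows the shared-state contract described above being filled in only after validation succeeds. The class name, the `trustedAsserters` module option, the two `NameCallback` prompts, and the value types (`Boolean`, `java.security.Principal`) are assumptions, and the allow-list check stands in for whatever trust verification the application actually requires.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module; it must be listed before IdentityAssertionLoginModule.
public class MyTrustValidationLoginModule implements LoginModule {
    private static final String P =
        "com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.";
    private CallbackHandler handler;
    private Map<String, Object> shared;
    private final Set<String> trustedAsserters = new HashSet<String>();

    @SuppressWarnings("unchecked")
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> sharedState, Map<String, ?> options) {
        handler = h;
        shared = (Map<String, Object>) sharedState;
        Object opt = options.get("trustedAsserters"); // assumed option: comma-separated names
        if (opt != null) trustedAsserters.addAll(Arrays.asList(opt.toString().trim().split("\\s*,\\s*")));
    }

    private static boolean blank(String v) { return v == null || v.trim().isEmpty(); }

    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no callback handler");
        NameCallback asserter = new NameCallback("asserter: ");
        NameCallback identity = new NameCallback("identity: ");
        try {
            handler.handle(new Callback[] { asserter, identity });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain assertion: " + e.getMessage());
        }
        final String who = asserter.getName(), name = identity.getName();
        // Fail closed: nothing is written to the shared state unless validation passed.
        if (blank(who) || blank(name) || !trustedAsserters.contains(who)) {
            throw new FailedLoginException("untrusted identity assertion");
        }
        Principal p = () -> name; // minimal Principal; a real module would use its own class
        Map<String, Object> state = new HashMap<String, Object>();
        state.put(P + "trusted", Boolean.TRUE);
        state.put(P + "principal", p);
        shared.put(P + "state", state);
        return true;
    }

    public boolean commit() { return true; }
    public boolean abort()  { shared.remove(P + "state"); return true; }
    public boolean logout() { return true; }
}
```

Because the trust map is only created after the check passes, a rejected or malformed assertion leaves the state key absent, which is the case where the identity assertion login module reports a WSLoginFailedException.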
Steps for this task
    // MyCallbackHandler and MyPrincipal are application-supplied classes
    MyCallbackHandler handler = new MyCallbackHandler(new MyPrincipal("Joe"));
    LoginContext lc = new LoginContext("MyAppLoginConfig", handler);
    lc.login(); // assume successful
    Subject s = lc.getSubject();
    WSSubject.setRunAsSubject(s);
    // From here on, the runas identity is "Joe"
Result
Using the JAAS login framework and two user-implemented login modules, you can create a JAAS login configuration that can be used to perform a login to an identity assertion.

Related concepts
Identity assertions with trust validation

Related tasks
Enabling identity assertion with trust validation
Customizing application login forms with Java Authentication and Authorization Service

Related reference
Custom login module development for a system login configuration
Customizing a server-side Java Authentication and Authorization Service authentication and login configuration