2006-05-01 23:26:39 +02:00
|
|
|
/***********************************************************************
|
|
|
|
|
*
|
2006-05-19 22:11:14 +02:00
|
|
|
* README for AuthTokenSvc
|
2006-05-01 23:26:39 +02:00
|
|
|
*
|
|
|
|
|
***********************************************************************/
|
|
|
|
|
|
|
|
|
|
INTRODUCTION
|
|
|
|
|
|
2006-05-19 22:11:14 +02:00
|
|
|
AuthTokenSvc is the CASA Authentication Token Service (ATS). It is implemented
|
|
|
|
|
as a Java servlet and supporting classes that execute in the Tomcat environment.
|
2006-05-01 23:26:39 +02:00
|
|
|
|
|
|
|
|
The ATS is responsible for providing clients with the necessary authentication
|
|
|
|
|
policy information, for authenticating client entities, and for providing
|
|
|
|
|
clients with Authentication Tokens that they can then use for authenticating
|
|
|
|
|
to CASA Authentication enabled services.
|
|
|
|
|
|
|
|
|
|
The ATS utilizes mechanism plug-ins for authenticating client entities as well
|
|
|
|
|
Identity Token Providers for the generation of Identity Tokens.
|
|
|
|
|
|
2006-05-19 22:11:14 +02:00
|
|
|
CONFIGURATION
|
|
|
|
|
|
|
|
|
|
AuthTokenSvc configuration consists of multiple entities. Most of the AuthTokenSvc
|
|
|
|
|
configuration is contained within the "conf" folder under the WEB-INF folder of the
|
|
|
|
|
application. For an example configuration setup for the AuthTokenSvc see the
|
|
|
|
|
sampleConf folder.
|
|
|
|
|
|
|
|
|
|
CONFIGURING AUTHENTICATION MECHANISMS
|
|
|
|
|
|
|
|
|
|
Authentication mechanisms available to the AuthTokenSvc are configured by creating
|
|
|
|
|
a sub-folder named after the authentication mechanism type under the
|
|
|
|
|
conf/auth_mechanisms folder. The authentication mechanism folders must contain a
|
|
|
|
|
settings file named mechanism.settings. The mechanism.settings file must contain the
|
|
|
|
|
name of the class implementing the mechanism along with path information which
|
|
|
|
|
can be utilized by the ATS to load the class. The mechanism.settings file can
|
|
|
|
|
also contain mechanism specific settings.
|
|
|
|
|
|
|
|
|
|
The following setting is mandatory:
|
|
|
|
|
|
|
|
|
|
One of the following settngs must be included:
|
|
|
|
|
|
|
|
|
|
For example mechanism.settings files look at sampleConf/auth_mechanisms/
|
|
|
|
|
|
2006-05-01 23:26:39 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
CONFIGURING ADDITIONAL IDENTITY TOKEN PROVIDERS
|
|
|
|
|
|
|
|
|
|
- TBD -
|
|
|
|
|
|
|
|
|
|
SECURITY CONSIDERATIONS
|
|
|
|
|
|
|
|
|
|
- TBD -
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
