/***********************************************************************
 *
 *  README for JaasSupport
 *
 ***********************************************************************/

INTRODUCTION

CasaLoginModule is a JAAS login module which can be configured
to validate credentials consisting of CASA Authentication Tokens.

CONFIGURATION

To use CasaLoginModule for your service, set the java.security.auth.login.config
property to point to the JAAS configuration file for your application. You must
also set the org.xml.sax.driver property to point to an appropriate SAX Parser.
The Xerces SAX Parser is a good option (org.apache.xerces.parsers.SAXParser).

The JAAS configuration file should include the following line:

com.novell.casa.jaas.CasaLoginModule Required;

The CasaLoginModule supports the following parameters:

PerformUsernameCheck - When set to true, this parameter tells the CasaLoginModule
that it must verify that the username is set to "CasaPrincipal". If the parameter
is not specified, the username is not checked.

CLIENT PROGRAMMING NOTES

Clients must specify the same service name when requesting Authentication
Tokens from the CASA Client as the service name specified by the server
when opening a JAAS Context.

SERVER PROGRAMMING NOTES

Server applications validating credentials containing CASA Authentication
Tokens can obtain information about the authenticated identity by getting
access to the CasaPrincipal that gets associated with the Subject object
returned from a successful JAAS login. The CasaPrincipal provides the
following information: username, name of the identity data source (realm),
and a URL to the identity data source. The CasaPrincipal also contains
the attributes of the authenticated identity configured as required by the
service in the Authentication Token Service.

EXAMPLE SERVER APPLICATION

See src/com/novell/casa/jaas/sample/SampleApp.java for an example application
using JAAS to authenticate credentials consisting of CASA Authentication Tokens.

Note that to get the application to run you must set the path to the JAAS
configuration file as the Java property java.security.auth.login.config. You
must also make sure that the Java property org.xml.sax.driver is set to a valid
SAX parser. The following shows the Java options that you would set to run the
test application:

-Djava.security.auth.login.config=/home/user/SampleApp/SampleApp.conf
-Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser

The SampleApp.conf file should have the following contents:

SampleApp {
    com.novell.casa.jaas.CasaLoginModule Required debug=true;
};

You must also include the CasaJaasSupport.jar and CasaAuthToken.jar files in the
CLASSPATH of the application.
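
The server-side flow from the SERVER PROGRAMMING NOTES, written out as an added
example (this is not SampleApp.java and not code from the CASA project). It
assumes the module asks for the username through a NameCallback and for the
token through a PasswordCallback; the class name TokenLoginExample is made up.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.Principal;
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class TokenLoginExample { // hypothetical class name
    // Same name as the JAAS config entry and as the client used to request the token.
    static final String SERVICE_NAME = "SampleApp";
    /** Returns the authenticated Subject, or null if the token is rejected. */
    static Subject authenticate(char[] token) {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    // The name the module checks when PerformUsernameCheck=true.
                    ((NameCallback) cb).setName("CasaPrincipal");
                } else if (cb instanceof PasswordCallback) {
                    // Assumption: the token is supplied as the password credential.
                    ((PasswordCallback) cb).setPassword(token);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        try {
            LoginContext ctx = new LoginContext(SERVICE_NAME, handler);
            ctx.login();
            return ctx.getSubject();
        } catch (LoginException e) {
            // Report the failure reason only, never the token itself.
            System.err.println("Token rejected: " + e.getMessage());
            return null;
        } finally {
            Arrays.fill(token, '\0'); // the token is a bearer credential; wipe our copy
        }
    }
    public static void main(String[] args) throws IOException {
        // Read the token from stdin so it does not show up in the process list.
        String line = new BufferedReader(new InputStreamReader(System.in)).readLine();
        Subject subject = (line == null) ? null : authenticate(line.trim().toCharArray());
        if (subject == null) System.exit(1);
        for (Principal p : subject.getPrincipals()) // includes the CasaPrincipal
            System.out.println(p.getClass().getName() + ": " + p.getName());
    }
}
```

Only the standard Principal.getName() accessor is used here; the CasaPrincipal
accessors for realm, URL and attributes are not listed in this README.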

SECURITY CONSIDERATIONS

CASA Authentication Tokens, when compromised, can be used either to impersonate
a user or to obtain identity information about the user. Because of this, it is
important that the tokens be secured by applications making use of them. It is
recommended that the tokens be transmitted using SSL.