c71a90410c
made necessary by autobuild limitations that forced us to build native components separate from the java components. |
||
---|---|---|
.. | ||
src | ||
.classpath | ||
.project | ||
make_and_run_test.sh | ||
Makefile.am | ||
README | ||
TODO |
/*********************************************************************** * * README for JaasSupport * ***********************************************************************/ INTRODUCTION CasaLoginModule is a JAAS login module which can be configured to validate credentials consisting of CASA Authentication Tokens. CONFIGURATION To use CasaLoginModule for your service, set the java.security.auth.login.config property to point to the JAAS configuration file for your application. You must also set the org.xml.sax.driver property to point to an appropriate SAX Parser. The Xerces SAX Parser is a good option (org.apache.xerces.parsers.SAXParser). The JAAS configuration file should include the following line: com.novell.casa.jaas.CasaLoginModule Required; The CasaLoginModule supports the following parameters: PerformUsernameCheck - This parameter when set to true tells the CasaLoginModule that it must verify that the username is set to "CasaPrincipal". If the parameter is not specified the username is not checked. CLIENT PROGRAMMING NOTES Clients must specify the same service name when requesting Authentication Tokens from the CASA Client as the service name specified by the server when opening a JAAS Context. SERVER PROGRAMMING NOTES Server applications validating credentials containing CASA Authentication tokens can obtain information about the authenticated identity by getting access to the CasaPrincipal that gets associated with the Subject object returned from a successful JAAS login. The CasaPrincipal provides the following information: username, name of the identity data source (realm), and an URL to the identity data source. The CasaPrincipal also contains the attributes of the authenticated identity configured as required by the service in the Authentication Token Service. EXAMPLE SERVER APPLICATION See src/com/novell/casa/jaas/sample/SampleApp.java for an example application using JAAS to authenticate credentials consisting of CASA Authentication Tokens. Note that to get the application to run you must set the path to the JAAS configuration file as the JAVA property java.security.auth.login.config. You must also make sure that the JAVA property org.xml.sax.driver.org is set to a valid SAX parser. The following shows the JAVA options that you would set to run the test application: -Djava.security.auth.login. config=/home/user/SampleApp/SampleApp.conf -Dorg.xml.sax.driver=org.apache.xerces.parsers. SAXParser The SampleApp.conf file should have the following contents: SampleApp { com.novell.casa.jaas.CasaLoginModule Required debug=true; }; You must also include the CasaJaasSupport.jar and CasaAuthToken.jar files in the CLASSPATH of the application. SECURITY CONSIDERATIONS CASA Authenticatication Tokens when compromised can be used to either impersonate a user or to obtain identity information about the user. Because of this it is important that the tokens be secured by applications making use of them. It is recommended that the tokens be transmitted using SSL.