3 Replies Latest reply on Mar 8, 2008 1:46 AM by 666705

    Custom Identity Assertion Provider that does Login

    666705
      I'm trying to create an Identity Assertion Provider/ Login Module pair that uses a proprietary cookie set by a reverse proxy to authenticate a user to a WLS 10.0 domain.

      Since the Login Module is dependent on the specific Identity Assertion Provider, I thought it made sense to combine them into a single Authentication Provider rather than two.

      The documentation for creating custom Identity Assertion providers says I just have to implement the LoginModule interface in my implementation.

      However, it's not very clear as to what I should do for the MBean definition. All I can find is that Identity Assertion Provider MBeans should extend IdentityAsserter and that Authentication Provider MBeans should extend Authenticator.

      Does this mean I need to split my code into two separate providers or can I manually add MBean attributes for things like Control Flag?

      Thanks for any information,

      Dan
        • 1. Re: Custom Identity Assertion Provider that does Login
          666705
          Dan,

          I can't answer your question without doing some research that I can't do this week. I'll try next week.

          In the meantime, I hope someone else can help so you don't have to wait.

          David

          BTW, I solved a similar problem in a different way. I created an Identity Asserter that validated a proprietary cookie and extracted identity from it. The Identity asserter was called from a servlet that then called runAs. In other words, the servlet called weblogic.security.services.Authentication.assertIdentity and then weblogic.servlet.security.ServletAuthentication.runAs with the returned Subject. Of course, then you have to redirect to the real target URL. Not sure if this helps.
          • 2. Re: Custom Identity Assertion Provider that does Login
            666705
            Thanks David,

            I'll keep working and see if I can figure it out.

            I don't think your suggestion will work for me because I'm using this to front WebLogic Portal Server so I don't think I'll be able to figure out all the proper URLs.

            Dan
            • 3. Re: Custom Identity Assertion Provider that does Login
              666705
              Did you get a solution for this. Could you combine both Identity and user/password into a single provider ?