
Re: Using X509 subject with identity injection
Hi ncashell,
Are you sure the code works? It seems m_Session.isAuthenticated() is always false, because the IDP calls the LocalAuthenticationClass first and only authenticates the session if it returns AUTHENTICATED... please correct me if I'm wrong, thanks.
Originally Posted by ncashell
you can extend the x509 class to read the subject name and write out the cn and o to the customisation profile. Then you need to use identity injection to inject the various strings.
Here's some sample code that stores the x509 data read into a profile, which we can then reference in the attribute set used by SAML. The key routine is doAuthenticate(), where we take a custid parameter passed to us and save it in the customizationstring1 attribute. In your case, he would then map the attribute set so that customisation string1 is used.
package com.novell.nidp.authentication.local;
import java.util.*;
import com.novell.nidp.*;
import com.novell.nidp.authentication.*;
import com.novell.nidp.authentication.card.*;
import com.novell.nidp.liberty.wsc.*;
import com.novell.nidp.liberty.wsc.impl.*;
import com.novell.nidp.liberty.wsc.modify.*;
import com.novell.nidp.liberty.wsf.idsis.schema.base.*;
import com.novell.nidp.liberty.wsf.model.*;
import com.novell.nidp.servlets.*;
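public class STClass extends LocalAuthenticationClass
{
    /**
     * Constructor for form based authentication.
     *
     * @param props   Properties associated with the implementing class
     * @param uStores List of ordered user stores to authenticate against
     */
    public STClass(Properties props, ArrayList uStores)
    {
        super(props, uStores);
    }

    /**
     * Get the authentication type this class implements.
     *
     * @return the authentication type represented by this class ({@code AuthnConstants.OTHER})
     */
    public String getType()
    {
        return AuthnConstants.OTHER;
    }

    /**
     * Perform form based authentication. This method gets called on each response
     * during the authentication process.
     *
     * <p>Reads the {@code custid} request parameter and, when the session is already
     * authenticated, writes it into the CustomizableString1 profile attribute via
     * {@code WSC.modifyData}. It then builds the intersite transfer service URL from
     * the {@code Protocol} and {@code ContractID} class properties, stores it in the
     * {@code url} request attribute and forwards to the {@code top} JSP.
     *
     * @return the status of the authentication process, one of AUTHENTICATED,
     *         NOT_AUTHENTICATED, CANCELLED, HANDLED_REQUEST, PWD_EXPIRING,
     *         PWD_EXPIRED; this implementation only returns NOT_AUTHENTICATED
     *         (session not authenticated or no {@code custid} parameter) or
     *         HANDLED_REQUEST
     */
    protected int doAuthenticate()
    {
        // The parameter name is arbitrary; the caller can use whatever it wants here.
        String customerID = m_Request.getParameter("custid");
        // NOTE(review): custid is supplied by the client. It is only stored once the
        // session is authenticated, but its format and length are not validated before
        // it is written to the profile and later released through the SAML attribute set.
        if (!m_Session.isAuthenticated() || customerID == null)
        {
            return NOT_AUTHENTICATED;
        }
        try
        {
            // Customizable attribute 1 is the one we use to contain customer data to send,
            // but this can change to another if necessary
            WSCMOPToken token = (WSCMOPToken) WSCToken.getToken(
                WSCMOPToken.OP_CS_CustomizableString1.getTokenUniqueId());
            // Build object for new data
            WSFModelEntry modelEntry = token.getModelEntry();
            IDSISCommonAttributeElement data = modelEntry.getSchemaClassInstance();
            if (data instanceof IDSISLeafAttributeElement)
            {
                ((IDSISLeafAttributeElement) data).setText(customerID);
            }
            WSCMDataToken dataToken = new WSCMDataToken(token, data);
            dataToken.setAllowOverride(true);
            // The WSCResponse status is not checked: the redirect below happens
            // regardless of whether the profile write succeeded.
            WSC.modifyData(m_Session, new WSCMDataToken[] {dataToken}, m_Request.getLocale());
        }
        catch (Exception ignored)
        {
            // Best effort: a failure to write the profile attribute is deliberately
            // not surfaced; the request is still redirected below.
        }
        // Get url of intersite transfer service for the desired protocol and identifier
        String url = m_SessionData.appendIDToUrl(NIDPContext.getNIDPContext().getBaseUrl()
            + getProperty("Protocol") + "/idpsend?id=" + getProperty("ContractID"));
        m_Request.setAttribute("url", url);
        // Going to top ensures we are not displaying in any frames
        ((NIDPServletContext) NIDPContext.getNIDPContext()).goJSP(m_Request, m_Response, "top");
        return HANDLED_REQUEST;
    }
}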