I am basing this off of the 'Access Management Authentication Class
Extension to Retrieve Password for Single Sign-on | Novell User
Communities'
(http://www.novell.com/communities/no...rd-single-sign)
coolsolution. I have tried the exact class from this coolsolution, and
I have also tried decompiling the code and making numerous changes to it
for validation. I have not been able to verify that this coolsolution
works in 3.1.

We have two methods on a contract. The first method uses the Kerberos
class. The second was custom developed, whose purpose is to find the ID
of the logged-in user (the NIDPPrincipal), grab the password from
Universal Password (using NMAS tools), and set it in the AM credential
profile for use in policies.

The status is that Kerberos authenticates successfully, the second
class runs, successfully grabs the Universal Password, and runs the
following commands:

SSSecret localSSSecret = new SSSecret();
localSSSecret.setName(new SSName("LDAPCredentials"));
SSSecretEntry localSSSecretEntry =
    new SSSecretEntry("UserPassword", paramString);
localSSSecret.addSecretEntry(localSSSecretEntry);

addCredential(WSCQSSToken.SS_SecretEntry_LDAPCredentials_UserPassword,
    localSSSecretEntry);

Where "paramString" is the Universal Password. I have printed this
password to the log to verify it is the correct Universal Password for
the user.

If I do a getCredentials() prior to running the addCredential method, I
get 0 back. If I run it after, I get 1. This seems OK, however I would
expect that my username and DN should already be in the credential
profile, and that I should initially be getting 2 credentials back, not
0.

Here is a section of the IDP log that I see directly after the second,
custom, Authentication class runs. I copied it twice, once in the
scenario when the custom authentication class follows a Kerberos class
(so no password provided by the user), and the second when followed by a
Form-based authentication (password provided by the user). In the first
case, notice there is no "WSCCacheEntry Found!" entry in the log after
the final lookup of UserPassword, but it does appear in the Form
example.

I have tried doing an addCredentials() in the custom auth class, and
this adds two more entries into the credential profile (when I run the
getCredentials() function). However, still the password credential is
not available after the class is done.

Set: AuthenticationCredentials, Allowed override: false
</amLogEntry>
<amLogEntry> 2009-04-24T16:29:37Z NIDS Trace: Method:
WSCCachePushedCacheSet.find()
Thread: http-80-Processor21
(1 of 6):
Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
uniqueId:
NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~40~40~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D,
set: AuthenticationCredentials
(2 of 6):
Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
uniqueId:
NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2Fcp~3AEntry~5Bcp~3AName~3D~22UserName~22~5D,
set: AuthenticationCredentials
(3 of 6):
WSCCacheEntry Found!
(4 of 6):
Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
uniqueId:
NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2Fcp~3AEntry~5Bcp~3AName~3D~22UserDN~22~5D,
set: AuthenticationCredentials
(5 of 6):
WSCCacheEntry Found!
(6 of 6):
Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
uniqueId:
NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2Fcp~3AEntry~5Bcp~3AName~3D~22UserPassword~22~5D,
set: AuthenticationCredentials
</amLogEntry>




When doing it in the form auth, I see the following:

Set: AuthenticationCredentials, Allowed override: false
</amLogEntry>
<amLogEntry> 2009-04-24T16:48:32Z NIDS Trace: Method:
WSCCachePushedCacheSet.find()
Thread: http-80-Processor25
(1 of 7):
Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
uniqueId:
NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~40~40~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D,
set: AuthenticationCredentials
(2 of 7):
Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
uniqueId:
NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2Fcp~3AEntry~5Bcp~3AName~3D~22UserName~22~5D,
set: AuthenticationCredentials
(3 of 7):
WSCCacheEntry Found!
(4 of 7):
Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
uniqueId:
NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2Fcp~3AEntry~5Bcp~3AName~3D~22UserDN~22~5D,
set: AuthenticationCredentials
(5 of 7):
WSCCacheEntry Found!
(6 of 7):
Looking for WSCCacheEntry in WSCCachePushedCacheSet! Target token
uniqueId:
NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry~40~40~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret~5Bcp~3AName~3D~22LDAPCredentials~22~5D~2Fcp~3AEntry~5Bcp~3AName~3D~22UserPassword~22~5D,
set: AuthenticationCredentials
(7 of 7):
WSCCacheEntry Found!
</amLogEntry>




So, somehow it doesn't seem to set the value in the credential cache,
or whatever that thing is. And since it's not there, it doesn't add it
to the credential set.

Any thoughts on whether this should be doing what I want it to? This whole
scenario can be tested by installing the coolsolution package and adding
it after a Kerberos class.

Thanks to anyone who can support me on this.


--
jessesmith
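
An added diagnostic example (not part of the original post and not Novell code): the trace comparison described above, automated in Python by pairing every WSCCachePushedCacheSet lookup with the "WSCCacheEntry Found!" step that does or does not follow it. It assumes the `~XX` sequences in the token uniqueId are percent-encoding with `~` in place of `%`; the two sample traces are constructed from the token layout shown in the post, and all function names are hypothetical.

```python
import re
from urllib.parse import unquote

LOOKUP = "Looking for WSCCacheEntry in WSCCachePushedCacheSet!"
FOUND = "WSCCacheEntry Found!"
# Token layout taken from the trace in the post (forum line-wrap spaces removed).
HEAD = "NEPXurn~3Anovell~3Acredentialprofile~3A2005-03~2Fcp~3ASecrets~2Fcp~3ASecret~2Fcp~3AEntry"
MID = ("~40~40~40~40WSCQSSToken~40~40~40~40~2Fcp~3ASecrets~2Fcp~3ASecret"
       "~5Bcp~3AName~3D~22LDAPCredentials~22~5D")

def entry_name(token):
    """Decode '~XX' escapes (assumption: '%XX' with '~') and return the last cp:Name."""
    decoded = unquote(token.replace("~", "%"))
    names = re.findall(r'cp:Name="([^"]+)"', decoded)
    return names[-1] if names else None

def lookup_results(trace):
    """Map each looked-up entry name to whether 'WSCCacheEntry Found!' followed."""
    results, pending = {}, None
    # Each "(n of m):" marker starts a new step of the find() trace.
    for step in re.split(r"\(\d+ of \d+\):", trace):
        text = " ".join(step.split())
        if LOOKUP in text:
            m = re.search(r"uniqueId:\s*(\S+?),", text)
            pending = entry_name(m.group(1)) if m else None
            if pending:
                results[pending] = False
        elif FOUND in text and pending:
            results[pending] = True
            pending = None
    return results

def missing(trace):
    """Names that were looked up but never reported as found."""
    return [name for name, ok in lookup_results(trace).items() if not ok]

def sample_trace(entries):
    """Constructed trace in the post's layout; entries = [(name, found), ...]."""
    steps = []
    for name, found in entries:
        token = f"{HEAD}{MID}~2Fcp~3AEntry~5Bcp~3AName~3D~22{name}~22~5D,"
        steps.append(f"{LOOKUP} Target token\nuniqueId:\n{token}\nset: AuthenticationCredentials")
        if found:
            steps.append(FOUND)
    body = "\n".join(f"({i} of {len(steps)}):\n{s}" for i, s in enumerate(steps, 1))
    return f"<amLogEntry> NIDS Trace: Method: WSCCachePushedCacheSet.find()\n{body}\n</amLogEntry>"

KERBEROS = sample_trace([("UserName", True), ("UserDN", True), ("UserPassword", False)])
FORM = sample_trace([("UserName", True), ("UserDN", True), ("UserPassword", True)])
```

Calling `missing()` on a trace copied from the IDP log lists the entries that never reached the pushed cache set; on a full trace the secret-level `LDAPCredentials` lookup also appears in that list, since neither trace in the post shows a "Found!" step after it.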