Sunday, May 19, 2013

Creating a Custom Authentication Plugin


Creating a Custom Authentication Plugin in OAM 11gR1
The Oracle documentation is not very clear on how to create a sample OAM plugin, and it takes a while to create one and get it working. Recently I had to work on creating a custom cookie for a legacy web application to achieve single sign-on between EPP applications protected by OAM and a legacy web portal. Below are brief steps on how to create a sample OAM plugin. The code was created using Eclipse.
1)      Create a sample Java project, say SampleOAMPlugin. Important: the name of the Java project, the Java class and the metadata XML must be the same.
2)      Add the following jar files to the build path of the Eclipse project: felix.jar, felix-service.jar, extensibility_lifecycle.jar, oam-plugin.jar, identitystore.jar, identity-provider.jar and utilities.jar. These jar files will be found in a tmp folder under the domain home, for example $DOMAIN_HOME/servers/$ADMIN_SERVER_NAME/tmp/_WL_user/oam_admin_11.1.1.3.0/XXXXXX/APP-INF/lib/oam-plugin.jar
3)      Under the src folder in Eclipse create a folder called META_INF and inside it create a file called MANIFEST.MF.
4)      Under the src folder create an XML file called SampleOAMPlugin.xml.
5)      If you have any third-party dependent jar files, create a folder, say lib, under the project at the same level as the src folder. The plugin jar that will be created will contain only these jar files and not the ones from step 2.
6)      Create a Java package, say sample, and create a Java class SampleOAMPlugin; it has to have the same name as the project.
7)      The Java class should extend AbstractAuthenticationPlugIn, found in the package oracle.security.am.plugin.authn. So the Java project structure should be like this:-
8)      Out of the several inherited methods in the SampleOAMPlugin class, we need to implement the process method: public ExecutionStatus process(AuthenticationContext context) throws AuthenticationException.
9)      To extract the username and password entered on the custom login page, use the calls below. They only work when the username and password fields on the login form are named username and password.
CredentialParam credentialParam = context.getCredential().getParam(PluginConstants.KEY_USERNAME);
String userName = (String) credentialParam.getValue();
credentialParam = context.getCredential().getParam(PluginConstants.PASSWORD);
String password = (String) credentialParam.getValue();
10)   If you need values that have to be read at runtime (like a properties file in Java), for example the domain name for the cookie or the identity store against which we want to authenticate the users, you can define them in the metadata XML created in step 4. To read those values use the statements below, e.g. if KEY_IDENTITY_STORE_REF is a field defined in the metadata XML file.
String stepName = context.getStringAttribute(PluginConstants.KEY_STEP_NAME);
String identityStoreRef = PlugInUtil.getFlowParam(stepName, "KEY_IDENTITY_STORE_REF", context);
11)   For authenticating the users use the statements below, though you may not need these if you are authenticating against an OID. Oracle has two out-of-the-box plugins for identifying and authenticating the users: UserIdentificationPlugin and UserAuthenticationPlugin.
UserIdentityProvider provider = UserIdentityProviderFactory.getProvider(identityStoreRef);
boolean isAuthenticated = provider.authenticateUser(userName, password);
12)   To look up an attribute from a user identity store like OID, for example email, you can use the calls below.
// Requires java.util.Arrays, java.util.List and java.util.Map
String[] userAttributeName = { "mail" };
AuthnUser userauth = new AuthnUser();
userauth.setUserName(userName);
List<String> attributeNames = Arrays.asList(userAttributeName);
Map<String, String> resultMap = provider.getUserAttributes(userauth, attributeNames);
String resultAttributeValue = resultMap.get(userAttributeName[0]);
String emailId = resultAttributeValue;
13)   If you are using this plugin for authentication, you have to return some mandatory responses in the plugin response and also set the subject if the user is authenticated. If you are using Oracle's plugins for authentication/identification, the following steps are not required. Create a subject as follows for the authenticated users.
// userIdentity, userDN and guid are the values looked up for the authenticated user
// (userIdentity is obtained as shown for the 3rd response below).
Subject subject = new Subject();
if (isAuthenticated) {
    subject.getPrincipals().add(new OAMUserPrincipal(userIdentity));
    subject.getPrincipals().add(new OAMUserDNPrincipal(userDN));
    if (guid != null) {
        subject.getPrincipals().add(new OAMGUIDPrincipal(guid));
    } else {
        subject.getPrincipals().add(new OAMGUIDPrincipal(userIdentity));
    }
}
context.setSubject(subject);
Set the mandatory responses in the plugin response. The three responses which need to be set are KEY_RETURN_ATTRIBUTE, KEY_IDENTITY_STORE_REF and KEY_AUTHENTICATED_USER_NAME.
// 1st response
PluginResponse rsp = new PluginResponse();
rsp.setName(PluginConstants.KEY_RETURN_ATTRIBUTE);
rsp.setType(PluginAttributeContextType.LITERAL);
rsp.setValue(provider.getReturnAttributes());//provider is the user identity provider
context.addResponse(rsp);
// 2nd response
IDPAdmin idpAdmin = UserIdentityProviderFactory.getIDPAdmin();
String runtimeIDStore = idpAdmin.getDefaultProviderName();
rsp = new PluginResponse();
rsp.setName(PluginConstants.KEY_IDENTITY_STORE_REF);
rsp.setType(PluginAttributeContextType.LITERAL);
rsp.setValue(runtimeIDStore);
context.addResponse(rsp);
// 3rd response
UserInfo user = provider.locateUser(userName);
String userIdentity = user.getUserObject().getPrincipal().getName();
rsp = new PluginResponse();
rsp.setName(PluginConstants.KEY_AUTHENTICATED_USER_NAME);
rsp.setType(PluginAttributeContextType.LITERAL);
rsp.setValue(userIdentity);
context.addResponse(rsp);
14)   If we need to set a custom cookie, we need to create a class in the package that implements oracle.security.am.plugin.GenericTransportToken and its getter and setter methods.
import oracle.security.am.plugin.GenericTransportToken;
public class TokenClass implements GenericTransportToken {
/*
* This is a sample Tokenclass that creates a GenericTransportToken,
* which can be set on the transportContext as a cookie.
* It has all the cookie details:Name,Value,MaxAge, Version, Domain and secure flag.
*/
/** The token name. */
private final String m_tokenName;
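/** The token version. */
private String m_tokenVersion;
/** The token value. */
private String m_tokenValue;
/** The cookie lifetime in seconds. */
private int m_maxAgeInSeconds;
...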
//Instantiates a new TransportToken.
public TokenClass(String tokenName, String tokenValue) {
m_tokenName = tokenName;
m_tokenValue = tokenValue;
}
//Retrieve the token name
public String getTokenName() {
return m_tokenName;
}
..
..
@Override
public void setMaxAgeInSeconds(int age) {
this.m_maxAgeInSeconds = age;
}
...
....
@Override
public void setTokenVersion(String version) {
this.m_tokenVersion = version;
}
}
In the plugin class, call this class constructor and access the values using the getter and setter methods. Set the cookie using oracle.security.am.plugin.GenericTransportContext.
GenericTransportContext trContext = context.getTransportContext();
TokenClass tok = new TokenClass(cookieName, "cookieValue");
tok.setMaxAgeInSeconds(12000);
tok.setTokenDomain(".abc.org");
trContext.setToken(tok, false);
15)   For logging use
private static final String CLASS_NAME = SampleOAMPlugin.class.getCanonicalName();
private static final Logger LOGGER = java.util.logging.Logger.getLogger(CLASS_NAME);
LOGGER.info(CLASS_NAME + " Entering SampleCookieCreationPlugin.process");
To view these logs in the OAM server diagnostic logs, run the following commands using WLST.
connect('weblogic','weblogic1','t3://localhost:7001')
domainRuntime()
setLogLevel(logger="oracle.oam.plugin",level="TRACE:32", persist="0", target="oam_server1")
After the above commands are run you should see the following line in logs.
[sample.SampleOAMPlugin] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0d58708dceef42e5:7313f42d:13ea0e820c9:-8000-0000000000002f7a,0] [APP: oam_server]sample.SampleOAMPlugin Entering SampleCookieCreationPlugin.process
16)   Jar file manifest. In the bundle class path include the current class (.) and the dependent jar files. Make sure the symbolic name and bundle name are the same as the Java project name.
Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-SymbolicName: SampleOAMPlugin
Bundle-Name: SampleOAMPlugin
Bundle-Version: 10
Bundle-Activator: sample.SampleOAMPlugin
Import-Package: javax.security.auth,
 javax.crypto.spec,
 javax.crypto,
 oracle.security.am.common.utilities.principal,
 oracle.security.am.engines.common.identity.provider,
 oracle.security.am.plugin,
 oracle.security.am.plugin.api,
 oracle.security.am.plugin.authn,
 oracle.security.idm,
 org.osgi.framework;version="1.3.0"
Bundle-ClassPath: .,
 lib/core.jar,
 lib/j2ee.jar,
 lib/redpoint-core.jar

17)   Metadata XML file. Although the Oracle documentation says that the interface and implementation elements are optional, it seems they are required: you will not be able to activate the OAM plugin without them. The AttributeValuePair elements let us define parameters whose values can be changed from the OAM console. Refer to step 10 for how to read them from this XML file in the plugin class.
<Plugin name="SampleOAMPlugin" type="Authentication">
    <author>uid=cn=orcladmin</author>
    <email>abc@abc.dev</email>
    <creationDate>09:32:20, 2010-12-02</creationDate>
    <version>10</version>
    <description>Custom Sample Auth Plugin</description>
    <interface>oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn</interface>
    <implementation>sample.SampleOAMPlugin</implementation>
    <configuration>
        <AttributeValuePair>
            <Attribute type="string" length="20">KEY_IDENTITY_STORE_REF</Attribute>
            <mandatory>true</mandatory>
            <instanceOverride>false</instanceOverride>
            <globalUIOverride>false</globalUIOverride>
            <value>DEVOID</value>
        </AttributeValuePair>
        <AttributeValuePair>
            <Attribute type="string" length="20">CookieDomain</Attribute>
            <mandatory>true</mandatory>
            <instanceOverride>false</instanceOverride>
            <globalUIOverride>false</globalUIOverride>
            <value>abc.dev</value>
        </AttributeValuePair>
    </configuration>
</Plugin>
18)   When exporting this jar file from Eclipse, keep in mind to use the manifest file which we created. Right-click on the Java project and choose to export a jar file, then browse to our manifest file.
19)   That's it. After this we need to upload this jar file using the OAM console. Reference: http://docs.oracle.com/cd/E21764_01/doc.1111/e12491/authnapi.htm#autoId17
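
A complete version of the step 14 token class, added here as an example; it is not the author's or Oracle's code. The nested GenericTransportToken interface is a stand-in that mirrors the method names shown on this page so the file compiles without the OAM jars, and describe() is a hypothetical helper that renders what a caller can read through the getters. The second token in main() shows the failure mode: getters left as IDE stubs hide the value, domain and lifetime that the setters stored.

```java
// Added example for step 14; not Oracle's or the author's code.
public class TokenDemo {

    // Stand-in mirroring the method names this page shows for
    // oracle.security.am.plugin.GenericTransportToken, so the file compiles
    // without the OAM jars. In a real plugin, import Oracle's interface instead.
    interface GenericTransportToken {
        String getTokenName();
        String getTokenValue();
        void setTokenValue(String value);
        String getTokenVersion();
        void setTokenVersion(String version);
        String getTokenDomain();
        void setTokenDomain(String domain);
        int getMaxAgeInSeconds();
        void setMaxAgeInSeconds(int age);
        boolean isSecure();
        void setSecure(boolean secure);
    }

    // Every getter returns the field that its setter writes.
    static class TokenClass implements GenericTransportToken {
        private final String tokenName;
        private String tokenValue;
        private String tokenVersion;
        private String tokenDomain;
        private int maxAgeInSeconds;
        private boolean secure;

        TokenClass(String tokenName, String tokenValue) {
            if (tokenName == null || tokenName.isEmpty()) {
                throw new IllegalArgumentException("cookie name is required");
            }
            this.tokenName = tokenName;
            this.tokenValue = tokenValue;
        }

        @Override public String getTokenName() { return tokenName; }
        @Override public String getTokenValue() { return tokenValue; }
        @Override public void setTokenValue(String value) { this.tokenValue = value; }
        @Override public String getTokenVersion() { return tokenVersion; }
        @Override public void setTokenVersion(String version) { this.tokenVersion = version; }
        @Override public String getTokenDomain() { return tokenDomain; }
        @Override public void setTokenDomain(String domain) { this.tokenDomain = domain; }
        @Override public int getMaxAgeInSeconds() { return maxAgeInSeconds; }
        @Override public void setMaxAgeInSeconds(int age) { this.maxAgeInSeconds = age; }
        @Override public boolean isSecure() { return secure; }
        @Override public void setSecure(boolean secure) { this.secure = secure; }
    }

    // Hypothetical helper: renders only what is readable through the getters.
    static String describe(GenericTransportToken t) {
        StringBuilder sb = new StringBuilder();
        sb.append(t.getTokenName()).append('=').append(t.getTokenValue());
        if (t.getTokenDomain() != null) sb.append("; Domain=").append(t.getTokenDomain());
        sb.append("; Max-Age=").append(t.getMaxAgeInSeconds());
        if (t.isSecure()) sb.append("; Secure");
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values; ".abc.org" is the placeholder domain from step 14.
        TokenClass tok = new TokenClass("LegacySSO", "constructed-sample-value");
        tok.setTokenDomain(".abc.org");
        tok.setMaxAgeInSeconds(12000);
        tok.setSecure(true); // cookie is only sent over HTTPS
        System.out.println("complete: " + describe(tok));

        // Same setters called, but the getters are stubs that ignore the fields.
        GenericTransportToken stub = new TokenClass("LegacySSO", "constructed-sample-value") {
            @Override public String getTokenValue() { return null; }
            @Override public String getTokenDomain() { return null; }
            @Override public int getMaxAgeInSeconds() { return 0; }
        };
        stub.setTokenDomain(".abc.org");
        stub.setMaxAgeInSeconds(12000);
        System.out.println("stubbed:  " + describe(stub));
    }
}
```

Compile and run it with javac TokenDemo.java followed by java TokenDemo.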

25 comments:

  1. Very helpful. Thanks Abhay for sharing info on this complex topic..!!

  2. Brilliant Abhay! It couldn't have been elaborated further! Cheers

  3. I like your point 13. It helps me a lot...

  4. The OAM Product Managers need to hire you to document this process. This is outstanding, whereas the Oracle documentation is outright poor on this topic. It is so bad the sample code is in screen shots: I guess because they don't want some poor developer to cut & paste an example that DOESN'T WORK!

    Thanks again!!

  5. Hello,

    I am trying to set a plugin response of type "REDIRECT" as I want to redirect the user to another URL (different from the original requested resource).

    I am using standard identification and authentication plugins and then a custom plugin for redirection.

    my plugin has below statements -

    PluginResponse resp = new PluginResponse();
    resp.setName("resource_url"); //also tried with PluginConstants.URL, no luck
    resp.setType(PluginAttributeContextType.REDIRECT);
    resp.setValue("http://www.openldap.org/");
    context.addResponse(resp);
    However, it is not working as expected.
    Could you please help me?

    Replies
    1. Hi Purva,
      While I figure out what can be done in the plugin, can I suggest you do the following? In the OAM Console go to Policy configuration->Application Domains->Your domain->Protected Resource Policy->Specify the url in the Success URL box. The OAM will redirect you to the URL specified in the Success URL box.

    2. Try with these lines of code :-
      final RedirectionContextData redirectionData = new RedirectionContextData(
      "url",RedirectionMetaData.URL);
      String queryString = "queryParam1=test1;queryParam2=test2";
      final RedirectionContextData queryStringData = new RedirectionContextData(
      queryString, RedirectionMetaData.QUERY_STRING);

      RedirectionActionContext redirectionContext = new RedirectionActionContext();
      redirectionContext.getContextData().add(redirectionData);
      redirectionContext.getContextData().add(queryStringData);
      RedirectionAction action = new RedirectionAction(redirectionContext);

    3. Hi Abhay,

      I tried using the above lines of code to redirect to a URL but it is not getting redirected. I have hard-coded the URL for now. Can you please elaborate or share a working example so that I can check if I am missing anything? Any help will be greatly appreciated.

    4. Hi Anuja,
      See the following from Oracle SAMPLE code :-
      /*
      * We can specify the login page URL as part of the UserContextData - the plugin will redirect or forward to this page to collect credentials
      *
      * actionType = REDIRECT_GET or REDIRECT_POST
      * -------------------------------------------
      * The loginPageURL to which the plugin redirects as part of UserAction should be a fully qualified URL in this case.
      * For eg:- A login application - SampleLoginWAR, can be deployed on any container(external) and we can specify the URL to redirect to.
      * loginPageURL = "http://external container host:port/SampleLoginWAR/pages/MFALogin.jsp";
      *
      * actionType = FORWARD
      * ---------------------
      * When actionType is set to FORWARD, the userAction can forward to the login page specified at the AuthN scheme configuration.
      * If we want to forward to a login page different from the authN scheme configuration, we can specify the loginPageURL as shown below.
      * final UserContextData urlContext = new UserContextData(loginPageURL, new CredentialMetaData("URL"));
      *
      * For eg:- The AuthN scheme may have the configurations as "/SampleLoginWAR/pages/MFALogin.jsp", with ContextRoot as "/SampleLoginWAR".
      * There may be a case we want to forward to "/SampleLoginWAR/pages/MFAUserdetails.jsp" to collect userdetails
      * and "/SampleLoginWAR/pages/MFAPassworddetails.jsp" to collect password details.
      * In such a case we can specify the urlContext as shown below.
      *
      */
      final UserContextData urlContext = new UserContextData(loginPageURL, new CredentialMetaData("URL"));

      //QUERY_STRING: specifies the query parameters that need to be sent with the loginPageURL.
      //This can be used/processed by the login page. Any kind of information can be passed as query parameters.
      String queryString = "queryParam1=testParameter";

      final UserContextData queryStringContext =new UserContextData(queryString, new CredentialMetaData("QUERY_STRING"));

      //This is the context that holds the different UserContextData - metadata that needs to be collected from the login page.
      UserActionContext actionContext = new UserActionContext();

      //add the UserContextData to the CredentialActionContext
      actionContext.getContextData().add(userNameContext);
      actionContext.getContextData().add(passwordContext);
      actionContext.getContextData().add(urlContext);
      actionContext.getContextData().add(queryStringContext);

      /*
      * UserActionMetaData - indicates the action type the UserAction class.
      * The UserAction does a forward or a redirect (with a GET or POST) to the login page based on the UserActionMetaData value.
      * Possible values are : FORWARD, REDIRECT_GET, REDIRECT_POST
      */

      UserActionMetaData userAction = UserActionMetaData.FORWARD;
      if(actionType.equals("REDIRECT_GET")) {
      userAction = UserActionMetaData.REDIRECT_GET;
      } else if (actionType.equals("REDIRECT_POST")) {
      userAction = UserActionMetaData.REDIRECT_POST;
      }
      System.out.println("Action MetaData Type "+ userAction.name());

      UserAction action = new UserAction(actionContext, userAction);
      System.out.println("Setting the execution action in the authentication context");
      context.setAction(action);

      //Set the status to PAUSE in order to force a forward/redirect to the login page. The plugin resumes execution when credentials are entered and submitted back to the server.
      return status;
      }

  6. Abhay,
    This is very helpful, however I am not able to get the value of KEY_IDENTITY_STORE_REF defined in my plugin xml file. I have following code in my plugin:
    String stepName = context.getStringAttribute(PluginConstants.KEY_STEP_NAME);
    String identityStoreRef = PlugInUtil.getFlowParam(stepName,"KEY_IDENTITY_STORE_REF", context);
    LOGGER.fine("Step Name "+stepName+" Identity Store Reference "+identityStoreRef);

    Step Name ECGLDAPAuthentication Identity Store Reference null - printed in log


    KEY_IDENTITY_STORE_REF

    false
    false
    false
    OUDIdentityStore

    Replies
    1. Have you defined the identity store from the OAM console? You have to provide the value of KEY_IDENTITY_STORE_REF in the orchestration steps of the plugin when you upload it.

  7. Hi folks I need help.

    I followed these steps to consume a web service inside the plugin. My plugin is activated successfully, but when I deploy I get this error:

    java.lang.IllegalArgumentException: interface com.conecta.services.ConectaCryptography is not visible from class loader
    at java.lang.reflect.Proxy.getProxyClass0(Proxy.java:461)
    at java.lang.reflect.Proxy.newProxyInstance(Proxy.java:690)
    at weblogic.wsee.jaxws.spi.ClientInstance.createProxyInstance(ClientInstance.java:143)
    at weblogic.wsee.jaxws.spi.WLSProvider$ServiceDelegate.getPort(WLSProvider.java:899)
    at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:344)
    at weblogic.wsee.jaxws.spi.WLSProvider$ServiceDelegate.getPort(WLSProvider.java:836)
    at com.sun.xml.ws.client.WSServiceDelegate.getPort(WSServiceDelegate.java:326)
    at javax.xml.ws.Service.getPort(Service.java:92)
    at com.conecta.services.ConectaCryptography_Service.getConectaCryptographyPort(ConectaCryptography_Service.java:56)
    at com.paq1.ExamplePlugin.process(ExamplePlugin.java:115)
    at oracle.security.am.engine.authn.internal.executor.PlugInExecutor.execute(PlugInExecutor.java:197)
    at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:105)
    at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:267)
    at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:862)
    at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:319)
    at oracle.security.am.controller.MasterController.processEvent(MasterController.java:596)
    at oracle.security.am.controller.MasterController.processRequest(MasterController.java:788)
    at oracle.security.am.proxy.oam.requesthandler.NGProvider.authenticate(NGProvider.java:754)
    at oracle.security.am.proxy.oam.requesthandler.NGProvider.getAuthenticateWAuditResponse(NGProvider.java:1714)
    at oracle.security.am.proxy.oam.requesthandler.NGProvider.getResponse(NGProvider.java:375)
    at oracle.security.am.proxy.oam.requesthandler.RequestHandler.handleRequest(RequestHandler.java:366)
    at oracle.security.am.proxy.oam.requesthandler.RequestHandler.handleMessage(RequestHandler.java:170)
    at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean.getResponseMessage(ControllerMessageBean.java:122)
    at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean_eo7ylc_MDOImpl.__WL_invoke(Unknown Source)
    at weblogic.ejb.container.internal.MDOMethodInvoker.invoke(MDOMethodInvoker.java:35)
    at oracle.security.am.proxy.oam.requesthandler.ControllerMessageBean_eo7ylc_MDOImpl.getResponseMessage(Unknown Source)
    at oracle.security.am.proxy.oam.mina.ObClientToProxyHandler.messageReceived(ObClientToProxyHandler.java:223)
    at org.apache.mina.common.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:743)
    at org.apache.mina.common.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:405)
    at org.apache.mina.common.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:40)
    at org.apache.mina.common.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:823)
    at org.apache.mina.common.IoFilterEvent.fire(IoFilterEvent.java:54)
    at org.apache.mina.common.IoEvent.run(IoEvent.java:62)
    at oracle.security.am.proxy.oam.mina.CommonJWorkImpl.run(CommonJWorkImpl.java:41)
    at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:184)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Replies
    1. Did you check your manifest.mf file? All your packages should be listed there. All your referenced third-party libraries should be in the lib folder.

  8. Hi Abhay,

    I have a custom plugin with external jar references. I have added the interface and impl elements as you mentioned and the manifest file also follows the template you have shared here. However, the plugin activation is failing. Can you please share any troubleshooting tips for this

    Replies
    1. Did you check your OAM logs? Enable the trace 32 level from the EM console and you should get some more information. You should be able to see in the diagnostic logs which class is not found.

  9. Hi Abhay, As a part of my project assignment, I have created a login.html page which accepts user id & password. Then , I created a helloworld.html page & protected it. Now I need your urgent help / guidance to create an OAM plugin to accept the password. It should convert the password to uppercase & create a cookie & print the value using a cookie. Request for urgent help. Thanks Kamal

  10. Hi Abhay, As a part of my project assignment I have created a Login.html page, which accepts user id & password.Then I have created a page HelloWorld.html and protected it. Now I need your kind guidance in creating an OAM plug-in to accept the password & which should convert the password to uppercase and create a cookie and print the value using a cookie.
    Would appreciate quick response as it is urgently needed.

  11. Hi Kamal,
    What is the issue you are facing? The requirement which you have is pretty straightforward.
    This is how you get the password:-
    credentialParam = context.getCredential().getParam(PluginConstants.PASSWORD);
    String password = (String)credentialParam.getValue();

    See step 14 how to create cookie.

  12. Hi Abhay,

    I am facing an issue while importing the plugin jar file in OAM. The error states that the plugin jar name and the plugin XML name do not match.
    I have made sure that the names are same, what could be the possible reason for this error?

  13. Hi Abhaya,
    Thanks.

    When I tried to import the jar, the jar file was imported successfully and I can see it inside OAM, but the plugin is not visible to me.
    Do you have any working example? Can you share it here or @madhur.mca@gmail.com


    I have created one sample Java project, and in sampleplugin.java I have written only the process method. Do we need an initialize method as well? Is there any article that can help me?

    My basic requirement is that we have to implement NTLM authorisation in OAM 11g,
    but as NTLM is not supported in OAM 11g we need to write a custom plugin.

  14. Hi Abhay,
    Thanks for the very useful information. But I am unable to set cookie using the above logic. Please help.
    Please find code below:
    System.out.println("Setting cookie");
    String cookieValue = "My TesCookie";
    String cookieName = "TestCookie";
    TokenClass tok = new TokenClass(cookieName, cookieValue);
    tok.setMaxAgeInSeconds(1200);
    GenericTransportContext trContext = authenticationContext.getTransportContext();
    trContext.setToken(tok, false);
    Map reqParams = trContext.getParameters();
    System.out.println(reqParams);

    TokenClass below:
    package com.goma.customplugin;

    import oracle.security.am.plugin.GenericTransportToken;

    public class TokenClass implements GenericTransportToken {

    private final String m_tokenName;
    private String m_tokenValue;
    private int m_maxAgeInSeconds;

    public TokenClass(String tokenName, String tokenValue) {
    m_tokenName = tokenName;
    m_tokenValue = tokenValue;
    }

    @Override
    public int getMaxAgeInSeconds() {
    // TODO Auto-generated method stub
    return 0;
    }

    @Override
    public String getTokenDomain() {
    // TODO Auto-generated method stub
    return null;
    }

    @Override
    public String getTokenName() {
    // TODO Auto-generated method stub
    return m_tokenName;
    }

    @Override
    public String getTokenValue() {
    // TODO Auto-generated method stub
    return null;
    }

    @Override
    public String getTokenVersion() {
    // TODO Auto-generated method stub
    return null;
    }

    @Override
    public boolean isSecure() {
    // TODO Auto-generated method stub
    return false;
    }

    @Override
    public void setMaxAgeInSeconds(int age) {
    this.m_maxAgeInSeconds = age;

    }

    @Override
    public void setSecure(boolean arg0) {
    // TODO Auto-generated method stub

    }

    @Override
    public void setTokenDomain(String arg0) {
    // TODO Auto-generated method stub

    }

    @Override
    public void setTokenValue(String value) {
    this.m_tokenValue = value;

    }

    @Override
    public void setTokenVersion(String arg0) {
    // TODO Auto-generated method stub

    }

    }

    Replies
    1. Try setting the domain for the cookie as tok.setTokenDomain(".abc.org"); -- whatever your correct domain is.

  15. Customer has created custom Authentication plug-in of AuthNScheme-A of level 2 and AuthNScheme-B of level 6

    Customer has created AuthN Module. Also created 'Step1' with AuthN level 2. On success go to 'Step9'.
    The 'Step9' with an AuthN level 6.

    Test Case:
    ----------
    User first accesses the first resource, protected with AuthN level 2.
    Then the user accesses the second resource.
    - Customer is orchestrating the plug-in to verify the user authentication level.
    - As the user is already authenticated with AuthN level 2, the first step 'AuthN level-2' should succeed, but it is failing.

    In detail, when the user tries to access protected resource-1 of AuthN level-2, he is able to access it successfully.
    When the same user tries to access protected resource-2, it fails.
    Expected is that it should go to 'Step9', as the user is already authenticated at AuthN level 2 of 'Step1'.
