• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

few questions around OAM authentication providers

 
Ranch Hand
Posts: 3852
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I've few questions around OAM authentication provider.

OAM authentication provider (oamAuthnProvider.jar) provides two functions: OAM identity asserter & OAM authenticator.

OAM identity assertion: It validates already-authenticated (users with obSSOCookie) users & creates a WebLogic-authenticated session.

OAM authenticator: ?

Few questions:
1. Why do we need to verify an already authenticated users (users who has obSSOCookie)?
2. Does identity asserter actually creates WebLogic-authenticated session?
3. What's the use of OAM authenticator?

To get answers of above questions I decompiled oamAuthnProvider.jar. However the code is not very easy to understand. I understood it in bits & pieces but have following questions in code:

OAMIdentityAssertionProviderImpl is the class which gets invoked I suppose as it's mentioned in OAMIdentityAsserter.xml file. It has a method called initialize(), I don't get how this method is getting invoked but I am assuming that it's called. Here we get the OAM related configuration parameters (which we set in WebLogic console) & then have following piece of code:



In OAMUtil constructor we have following piece of code:



Is this the place where we create session for user?

Also in OAMAuthenticationProviderImpl (OAM authenticator) also we do the same thing (get configuration parameters, call OAMUtil), what's different?

Hope my all questions are clear. Please let me know if you want me to explain any question in more detail.

Thanks.
reply
    Bookmark Topic Watch Topic
  • New Topic