1. Introduction

The NAM Identity Provider authenticates the user based on the configured contract, method and authentication class. NAM authentication classes are deployed on the IDP servers and run as server-side code.

If you would like to update a user’s profile or execute some business logic (post-processing) without stopping or delaying the regular login process, follow this solution to create a custom authentication class and run the post-processing in a separate thread.

1.1 Create JAR file and deploy into IDP

Write your own post-processing/business logic code inside the executePostProcessing() method and create a JAR file from the Java project. Copy the JAR file into the /opt/novell/nids/lib/webapp/WEB-INF/lib location on the IDP server. You need to restart the IDP service after deploying the JAR file.

I have provided a sample JAR file here to download (remove the .txt extension after download).

Download MyCustomAuthenticationClass.jar

2. Develop Authentication Class

2.1 Prerequisite

  1. Java IDE with JDK 1.7 and above
  2. jar, higgins-sts-api_1.0.0.jar (can be copied from IDP server) and servlet-api.jar (can be copied from any web server’s lib directory)

2.2 Create Java Project and develop Custom Authentication Class

Download the attached project and open it in Eclipse.

Download MyCustomAuthenticationClass.zip

In my example, I have created a custom authentication class named MyCustomAuthenticationClass and a Thread class named MyPostProcessing. The thread is started from the doAuthenticate() method.
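The hand-off described above, as an added example that is not the code from the downloadable project: instead of one raw thread per login it uses a bounded pool, so a burst of logins cannot create unbounded threads on the IDP and a failing job cannot affect the login. The class name PostProcessingDispatcher, the pool sizing and the main() stand-in for doAuthenticate() are assumptions, and no NAM API is used.

```java
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added example (hypothetical class): bounded, failure-isolated post-processing. */
public class PostProcessingDispatcher {
    private static final Logger LOG = Logger.getLogger("PostProcessing");

    // Assumed sizing: 4 workers, at most 100 queued jobs. The default AbortPolicy
    // rejects extra work instead of growing threads or memory without bound.
    private static final ThreadPoolExecutor POOL = new ThreadPoolExecutor(
            4, 4, 0L, TimeUnit.SECONDS, new ArrayBlockingQueue<Runnable>(100));

    /** Called on the login thread; returns at once and never throws. */
    public static boolean submit(final String userId) {
        try {
            POOL.execute(new Runnable() {   // anonymous class keeps JDK 1.7 compatibility
                @Override public void run() {
                    try {
                        executePostProcessing(userId);
                    } catch (Exception e) { // a failing job must not kill the worker
                        LOG.log(Level.WARNING, "post-processing failed for " + userId, e);
                    }
                }
            });
            return true;
        } catch (RejectedExecutionException e) {
            LOG.warning("post-processing queue full, skipped for " + userId);
            return false;                   // the login itself still proceeds
        }
    }

    // Placeholder for the business logic the article puts in executePostProcessing().
    static void executePostProcessing(String userId) throws Exception {
        LOG.info("Processing User Update for " + userId);
    }

    public static void main(String[] args) throws InterruptedException {
        // Stand-in for doAuthenticate(): pass only the user id (never the
        // credentials) to the background job, then return immediately.
        boolean queued = submit("kouhal");  // constructed sample user id
        LOG.info("login thread continues, queued=" + queued);
        POOL.shutdown();
        POOL.awaitTermination(5, TimeUnit.SECONDS);
    }
}
```

Because the authentication method reports success before the job finishes, anything that must hold before access is granted belongs in the authenticating method, not in the post-processing job.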

2.3 Use Post Processing AuthN Class in IDP

Now open the Admin Console and follow the steps below to configure the class, method, and contract in the IDP cluster.

  1. Go to IDP-Cluster -> Local -> Classes and create a new class.

  2. Go to IDP-Cluster -> Local -> Method and create a new method. Select the class name created in the previous step. Uncheck the “Identifies User” checkbox. We will not use this method to identify any user; its purpose is to execute the post-processing code after a successful login.

  3. Go to IDP-Cluster -> Local -> Contracts and create a contract. Choose the original authentication method (the method you want to use for authentication) as the first method, and choose the method created in the previous step as the second method.

2.4 Assign Contract to Protected Resource

Open a proxy service in Access Gateway and assign the contract as an authentication procedure.

3. Test the Post Processing

Try to access the protected URL and provide valid credentials.

Open the IDP log file and you will find the following log entries:

<amLogEntry> 2018-01-10T22:50:16Z VERBOSE NIDS Application: Executing authentication method MyCustomAuthenticationMethod </amLogEntry>

*******Post Prcessing Thread Started for : kouhal *********

********** Inside Post Processing Class for user: kouhal ********

****************START POST Processing***************

Processing User Update

****************END POST Processing***************

<amLogEntry> 2018-01-10T22:50:16Z VERBOSE NIDS Application: Authentication method MyCustomAuthenticationMethod succeeded </amLogEntry>

 


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Koushik Halder
Jan 17, 2018
7:01 am