Class UidPwdPinDirAuthentication

All Implemented Interfaces:
IExtendedPluginInfo

public class UidPwdPinDirAuthentication extends DirBasedAuthentication
uid/pwd/pin directory based authentication manager
  • Field Details

  • Constructor Details

    • UidPwdPinDirAuthentication

      public UidPwdPinDirAuthentication()
      Default constructor, initialization must follow.
  • Method Details

    • init

      public void init(AuthenticationConfig authenticationConfig, String name, String implName, AuthManagerConfig config) throws EBaseException
      Description copied from class: DirBasedAuthentication
      Initializes the UidPwdDirBasedAuthentication auth manager. Takes the following configuration parameters:
              ldap.basedn             - the ldap base dn.
              ldap.ldapconn.host      - the ldap host.
              ldap.ldapconn.port      - the ldap port
              ldap.ldapconn.secureConn - whether port should be secure
              ldap.minConns           - minimum connections
              ldap.maxConns           - max connections
              dnpattern               - dn pattern.
       

      dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.

      The syntax is

           dnpattern = SubjectNameComp *[ "," SubjectNameComp ]
      
           SubjectNameComponent = DnComp | EntryComp | ConstantComp
           DnComp = CertAttr "=" "$dn" "." DnAttr "." Num
           EntryComp = CertAttr "=" "$attr" "." EntryAttr "." Num
           ConstantComp = CertAttr "=" Constant
           DnAttr    =  an attribute in the Ldap entry dn
           EntryAttr =  an attribute in the Ldap entry
           CertAttr  =  a Component in the Certificate Subject Name
                        (multiple AVA in one RDN not supported)
           Num       =  the nth value of tha attribute  in the dn or entry.
           Constant  =  Constant String, with any accepted ldap string value.
      
       

      Example:

       dnpattern:
           E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US
       
      Ldap entry dn: UID=joesmith, OU=people, O=Acme.com
      Ldap attributes: cn: Joe Smith sn: Smith mail: joesmith@acme.com mail: joesmith@redhat.com ou: people ou: IS etc.

      The subject name formulated in the cert will be :

         E=joesmith@acme.com, CN=Joe Smith, OU=Human Resources, O=Acme.com, C=US
      
            E = the first 'mail' ldap attribute value in user's entry - joesmithe@acme.com
            CN = the (first) 'cn' ldap attribute value in the user's entry - Joe Smith
            OU = the second 'ou' value in the ldap entry - IS
            O = the (first) 'o' value in the user's entry DN - "Acme.com"
            C = the constant string "US"
       
      Overrides:
      init in class DirBasedAuthentication
      Parameters:
      name - The name for this authentication manager instance.
      implName - The name of the authentication manager plugin.
      config - - The configuration store for this instance.
      Throws:
      EBaseException - If an error occurs during initialization.
    • verifyPassword

      protected void verifyPassword(String Password)
    • authenticate

      protected String authenticate(netscape.ldap.LDAPConnection conn, AuthCredentials authCreds, AuthToken token) throws EBaseException
      Authenticates a user based on its uid, pwd, pin in the directory.
      Specified by:
      authenticate in class DirBasedAuthentication
      Parameters:
      authCreds - The authentication credentials with uid, pwd, pin.
      Returns:
      The user's ldap entry dn.
      Throws:
      EInvalidCredentials - If the uid and password are not valid
      EBaseException - If an internal error occurs.
    • checkpin

      protected void checkpin(netscape.ldap.LDAPConnection conn, String userdn, String uid, String pin) throws EBaseException, netscape.ldap.LDAPException
      Throws:
      EBaseException
      netscape.ldap.LDAPException
    • getConfigParams

      public String[] getConfigParams()
      Returns a list of configuration parameter names. The list is passed to the configuration console so instances of this implementation can be configured through the console.
      Overrides:
      getConfigParams in class AuthManager
      Returns:
      String array of configuration parameter names.
    • getRequiredCreds

      public String[] getRequiredCreds()
      Returns array of required credentials for this authentication manager.
      Specified by:
      getRequiredCreds in class DirBasedAuthentication
      Returns:
      Array of required credentials.
    • init

      public void init(ConfigStore config) throws EProfileException
      Description copied from class: AuthManager
      Initializes this default policy.
      Specified by:
      init in class AuthManager
      Parameters:
      config - configuration store
      Throws:
      EProfileException - failed to initialize
    • getName

      public String getName(Locale locale)
      Retrieves the localizable name of this policy.
      Overrides:
      getName in class AuthManager
      Parameters:
      locale - end user locale
      Returns:
      localized authenticator name
    • getText

      public String getText(Locale locale)
      Retrieves the localizable description of this policy.
      Overrides:
      getText in class DirBasedAuthentication
      Parameters:
      locale - end user locale
      Returns:
      localized authenticator description
    • getValueNames

      public Enumeration<String> getValueNames()
      Retrieves a list of names of the value parameter.
      Overrides:
      getValueNames in class DirBasedAuthentication
      Returns:
      a list of property names
    • isValueWriteable

      public boolean isValueWriteable(String name)
      Description copied from class: AuthManager
      Checks if the value of the given property should be serializable into the request. Passsword or other security-related value may not be desirable for storage.
      Overrides:
      isValueWriteable in class DirBasedAuthentication
      Parameters:
      name - property name
      Returns:
      true if the property is not security related
    • getValueDescriptor

      public IDescriptor getValueDescriptor(Locale locale, String name)
      Retrieves the descriptor of the given value parameter by name.
      Overrides:
      getValueDescriptor in class DirBasedAuthentication
      Parameters:
      locale - user locale
      name - property name
      Returns:
      descriptor of the requested property
    • populate

      public void populate(AuthToken token, Request request) throws EProfileException
      Description copied from class: AuthManager
      Populates authentication specific information into the request for auditing purposes.
      Overrides:
      populate in class DirBasedAuthentication
      Parameters:
      token - authentication token
      request - request
      Throws:
      EProfileException - failed to populate
    • isSSLClientRequired

      public boolean isSSLClientRequired()
      Description copied from class: AuthManager
      Checks if this authenticator requires SSL client authentication.
      Overrides:
      isSSLClientRequired in class DirBasedAuthentication
      Returns:
      client authentication required or not