Sunday, January 08, 2006

Adding Custom Login Modules to jManage

Use case
I already have a set of users categorized under various groups. How can I configure jManage to use this (external) user base for authentication and authorization?

Solution
Authentication
Prepare jManage to use a custom login module by configuring the login module class in the jmanage-auth.conf file. The custom login module should implement javax.security.auth.spi.LoginModule. Its login() method, where the actual authentication logic goes, should use NameCallback and PasswordCallback from the javax.security.auth.callback package to retrieve the wrapped username and password respectively. A sample LoginModule is available for reference.
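A minimal login module of the kind described above, as an added example that is not jManage's own sample or code from the original post. The class name ExternalLoginModule, the verify() helper and the sample account are hypothetical; verify() stands in for the lookup against your external user base, and the module adds no principals to the Subject on the assumption that group membership comes from external-user-roles.properties.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical class name; this is the class to configure in jmanage-auth.conf.
public class ExternalLoginModule implements LoginModule {
    private CallbackHandler handler;
    private boolean succeeded;
    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler;
    }
    @Override
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("username");
        PasswordCallback pass = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot read credentials: " + e);
        }
        char[] supplied = pass.getPassword();   // getPassword() returns a copy
        pass.clearPassword();                   // wipe the callback's own copy
        try {
            succeeded = name.getName() != null && supplied != null
                    && verify(name.getName(), supplied);
        } finally {
            if (supplied != null) Arrays.fill(supplied, '\0');
        }
        // Same error for unknown user and wrong password: no account enumeration.
        if (!succeeded) throw new FailedLoginException("invalid credentials");
        return true;
    }
    // Assumption: replace with the external user base lookup; constructed sample account.
    private boolean verify(String user, char[] password) {
        byte[] expected = "sample-password".getBytes(StandardCharsets.UTF_8);
        byte[] actual = new String(password).getBytes(StandardCharsets.UTF_8);
        return "sample-user".equals(user) & MessageDigest.isEqual(expected, actual);
    }
    @Override public boolean commit() { return succeeded; }
    @Override public boolean abort()  { succeeded = false; return true; }
    @Override public boolean logout() { succeeded = false; return true; }
}
```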

Authorization
1. jManage comes with two pre-configured groups, Administrator and User. Further groups can be added by defining them in the jmanage-user-roles.xml file.

2. To make jManage aware of the user-to-group relationships, configure them in the external-user-roles.properties file. This file stores the user-to-group mapping for external users. It comes with a default configuration in which all users are mapped to the Administrator group, so edit this file to map each user to the appropriate groups.

e.g.
If user X belongs to groups A and B, the relationship should be configured in the external-user-roles.properties file as X=A,B.
