Access Manager SDK and Client SDK: Differences

FYI.

The Access Manager Client SDK is aimed at applications that use identity APIs at run-time. This includes applications that contain functionality for authentication, SSO, policy evaluation (fine grain policy enforcement) and obtaining and setting user attributes, roles, etc. The Client SDK is not aimed at applications that perform management of policies (creations, deletions, etc.) or identities. From a deployment point of view, the Client SDK offers the following advantages over full SDK:
  • The Client SDK does not require administrator credentials (amadmin, dsameuser, etc.).
  • The Client SDK uses only http/https and communicates only with Access Manager. It does not require serverconfig.xml and does not use LDAP.
    • Because of this, applications using the Client SDK can be deployed in DMZs and a firewall can be placed between the applications and Access Manager.
    • Because of this, the three persistent search connection used by the full SDK is not needed. This reduces the load and improves performance on Directory Server. This allows the Client SDK to have 100s of applications rather than the 10s of them supported by the full SDK.
  • The Client SDK is smaller - approximately 1M as compared to the ~10M size of the full SDK.
  • The Client SDK is better suited for J2EE war deployment, requiring only a single jar (amclientsdk.jar) and the AMConfig.properties file within the Access Manager WAR.
The following features are in the full SDK but missing from the Client SDK:
  • Policy Management: Policy Management requires a number of plugins (Subject, Resource, Conditions, etc.). These are not included. For this reason, the server side com.sun.identity.policy.PolicyEvaluator would not be supported.
  • Federation/Liberty: The Liberty APIs are not supported in the Client SDK.
It is recommend to use the Client SDK and fall back on the full SDK only if required.
Comments:

how can I configure my development environment so that I can make use of the amclientsdk.jar file? Also, you mentioned the AMConfig.properties - do I need this file locally and if so, where does it go?

Posted by Gerald on March 06, 2008 at 02:04 AM PST #

Post a Comment:
Comments are closed for this entry.
About

docteger

Search

Categories
Archives
« July 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today