Store & Retrieve Authentication Info with OpenSSO, She & Him
By docteger on Aug 10, 2009
Here are some words on storing authentication information in an OpenSSO session and retrieving it. It assumes that the authentication module extends AMLoginModule and the information is to be shared with a post authentication plug-in. If the size of the information is small, you can store it in the SSOToken. If the information is security sensitive and not to be readable by the Client SDK, you could encrypt it before setting it in the SSOToken. (Prefixing the property name with am.protected. defines it as NOT readable by the Client SDK.)

After you put the required information from the authentication module into the module principal class, implement the com.sun.identity.authentication.service.AuthenticationPrincipalDataRetriever interface. It has the following method to get the module principal from authSubject, retrieve the required data, and return that data as a Map (key/value pairs).

    /**
     * Returns the attribute map from the required Authentication module
     * The Authentication Service will store this Map in the authenticated
     * Principal, to be set in the SSOToken.
     *
     * @param authSubject Authenticated user Subject.
     * @return the Attribute Map.
     */
    Map getAttrMapForAuthenticationModule(Subject authSubject);

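
One way to implement the interface, as an added example that is not OpenSSO's own code or code from the original post. SamplePrincipal, SampleDataRetriever, the key names and the length limit are hypothetical, and the example assumes the map values are plain strings.

```java
import java.io.Serializable;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import com.sun.identity.authentication.service.AuthenticationPrincipalDataRetriever;

// Hypothetical module principal: the login module fills authData at login time.
class SamplePrincipal implements Principal, Serializable {
    private final String name;
    private final Map<String, String> authData;
    SamplePrincipal(String name, Map<String, String> authData) {
        this.name = name;
        this.authData = new HashMap<String, String>(authData);
    }
    public String getName() { return name; }
    Map<String, String> getAuthData() { return authData; }
}

public class SampleDataRetriever implements AuthenticationPrincipalDataRetriever {
    private static final String PROTECTED_PREFIX = "am.protected.";
    private static final int MAX_VALUE_LENGTH = 256; // assumed limit, keeps the token small
    // Constructed key names: values the Client SDK must not be able to read.
    private static final Set<String> SENSITIVE_KEYS =
            new HashSet<String>(Arrays.asList("deviceFingerprint", "riskScore"));
    // Constructed key names: values any client may read.
    private static final Set<String> PUBLIC_KEYS =
            new HashSet<String>(Arrays.asList("authLocation"));

    public Map getAttrMapForAuthenticationModule(Subject authSubject) {
        Map<String, String> result = new HashMap<String, String>();
        if (authSubject == null) return result;
        for (SamplePrincipal p : authSubject.getPrincipals(SamplePrincipal.class)) {
            for (Map.Entry<String, String> e : p.getAuthData().entrySet()) {
                String key = e.getKey();
                String value = e.getValue();
                // Skip missing or oversized values instead of bloating the session.
                if (value == null || value.length() > MAX_VALUE_LENGTH) continue;
                if (SENSITIVE_KEYS.contains(key)) {
                    result.put(PROTECTED_PREFIX + key, value); // hidden from the Client SDK
                } else if (PUBLIC_KEYS.contains(key)) {
                    result.put(key, value);
                } // any other key is dropped: only allow-listed data reaches the token
            }
        }
        return result;
    }
}
```

The allow-list keeps unexpected module data out of the session, and anything sensitive gets the am.protected. prefix in one place rather than in each login module.
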
SSOToken. A post authentication plug-in can retrieve this data from the
SSOToken later. You will need to set your implementation class as a value of the com.sun.identity.authentication.principalDataRetriever property in the OpenSSO configuration data store.

Now here is Zooey Deschanel and M. Ward, plugged in as She & Him. Why Do You Let Me Stay Here? is from their album, Volume 1. I love M (especially his album Transistor Radio), love Zooey (especially as an actress in the Syfy take on Oz called Tin Man) and also Zooey's sis, Emily (especially as the femme lead on Bones). The video is quirky and endearing and bloody.