Authentication Using Custom Shared Resource
You may use a custom shared resource in an authentication policy to authenticate a request.
The custom shared resource contains a custom login module implemented by the user. The custom shared resource is specified using the ResourceInstance attribute in a policy.
For example, if the custom shared resource CelmAsp is configured in the CelmAsp.properties file, use it as follows in an authentication policy:
<tpa:WssProcessor ResourceInstance="CelmAsp"/>
TIBCO API Exchange Gateway calls the custom login module defined in the CelmAsp.properties file.
Refer to Create Shared Resource Properties File for Custom Authentication for custom shared resource properties.
To use custom shared resource for an authentication, you must complete the following tasks:
- Implement the custom login module. See Implement Custom Login module.
- Package the custom login module. See Packaging the Custom Login Module Jars.
AuthenticationByCelm.policy
<wsp:Policy
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wssp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:tpa="http://xsd.tns.tibco.com/governance/policy/action/2009">
<wsp:All>
<wsp:Policy >
<tpa:WssProcessor ResourceInstance="CelmAsp"/>
</wsp:Policy>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<tpa:VerifyAuthentication>
<tpa:ExactlyOne>
<wssp:UsernameToken />
</tpa:ExactlyOne>
</tpa:VerifyAuthentication>
</wsp:Policy>
</wsp:All>
</wsp:Policy>
- Implementing Custom Login Module
The custom login module uses the LoginModule of Java Authentication and Authorization Service ( JAAS). - Packaging and Deploying the Custom Login Module
You must package the custom login module in a jar file for deployment with TIBCO API Exchange Gateway.