Setting Up a Custom Authentication Handler

A custom authentication handler can be created to change the login and logout behavior.

Procedure

  1. Open the Configurator.
    • In the Advanced configuration outline, click Authentication.
    • In the right pane, click the Custom tab.
    • Set the Selected Deployment Target to Custom.
    • For Custom Authentication Init Class, provide the class that contains your custom authentication. (Create a JAR containing the class and place it on the classpath.)
  2. Implement the CustomLoginModule as per the interface:
    /**
     ** ============================================================================
     **
     ** Copyright (c) 2004-2009 Tibco Software Inc. All Rights Reserved.
     **
     ** This work is subject to U.S. and international copyright laws and treaties.
     ** No part of this work may be used, practiced, performed, copied, distributed,
     ** revised, modified, translated, abridged, condensed, expanded, collected,
     ** compiled, linked, recast, transformed or adapted without the prior written
     ** consent of Tibco Software Inc. Any use or exploitation of this work without
     ** authorization could subject the perpetrator to criminal and civil liability.
     **
     ** ============================================================================
     **/
    package com.tibco.mdm.directory.security.authentication;
    import java.util.Map;
    import com.tibco.mdm.infrastructure.error.MqException;
    import com.tibco.mdm.infrastructure.profile.IMqSessionProfile;
    /**
     *
     * An Interface that is used for pluggable Authentication/Authorization for
     * TIBCO MDM.
     *
     */
    public interface ILoginModule {
        public final static String DEFAULT_LOGIN_URL = "Login";
        public final static String NEEDS_CHALLENGE = "needChallenge";
        public final static String DEFAULT_LOGIN_CLASS = "com.tibco.mdm.directory.security.authentication.DefaultLoginModule";
        public final static String TAM_AUTHENTICATION = "TAM";
        public final static String RDBMS_AUTHENTICATION = "Default";
        public final static String SITE_MINDER_AUTHENTICATION = "SM";
        public final static String RDBMS_AUTHORIZATION = "Default";
        public final static String SINGLE_SIGNON_AUTHORIZATION = "SingleSignOn";
        /**
         * This method authenticates and authorizes the user to access CIM
         * application.
         *
         * Implement your login logic in this method
         *
         * @param    userDetails     a Map - all required parameter-value pairs
         *  for authentication and authorization are passed through this Map. If HTTP
         *  headers were extracted, the headers will be present in this map.
         *
         * @return   a new IMqSessionProfile user profile with all details after
         * login is successful;
         * returns null if authentication/authorization fails.
         *
         * @throws   MqException
         *
         */
        public IMqSessionProfile handleLogin(Map userDetails) throws MqException;
        /** This method implements login management when used in web services.
         *
         * @param userDetails
         * @return
         * @throws MqException
         */
        public IMqSessionProfile handleWebServiceLogin(Map userDetails) throws MqException;
        /**
         * This method returns the Url the user is directed on logout
         *
         * @param    headerDetails       a  Map
         *
         * @return   a String
         *
         */
        public String getLogoutUrl(Map headerDetails) throws MqException;
        /**
         * Method isHeaderRequired
         * Only if this method returns true, any HTTP headers in the URL are extracted.
         * You can use predefined ILoginModule.DEFAULT_LOGIN_URL if no special
         * Logout URL is required.
         *
         * @return   a boolean true if the special httpHeaders are to be extracted for
         * authentication/authorization.
         */
        public boolean isHeaderRequired();
        /**
         * This method onErrorRedirectURL should return the URL to be used in case of errors.
         * Typically this method can call getLogOutURL to return the URL to go to
         *
         * @return   a String url the user is redirected on login Error.
         *
         */
        public String getErrorRedirectUrl() throws MqException;
        /** getAuthenticationType
         *  This identifies the authentication type implemented by the login module.
         *  Hardcode the value of authentication type - this method will be deprecated in future releases.
         * Following are reserved
         *     public final static String RDBMS_AUTHENTICATION="Default";
         *     public final static String SITE_MINDER_AUTHENTICATION="SM";
         * @return   a String
         */
        public String getAuthenticationType();
        /**
         * Method getAuthorizationType
         * Returns what type of authorization is this.
         * @deprecated
         * @return   a String
         *
         */
        public String getAuthorizationType();
    }
  3. You can also extend the provided SingleSignOnLoginModule class. This class implements the following methods:

Result

    public String getErrorRedirectUrl() throws MqException
    {
        return ILoginModule.DEFAULT_LOGIN_URL;
    }
    /**
     * Method isHeaderRequired
     *
     * @return   a boolean
     *
     */
    public boolean isHeaderRequired()
    {
        return true;
    }
    /**
     * Method getAuthorizationType
     *
     * @return a String
     *
     */
    public String getAuthorizationType()
    {
        return ILoginModule.SINGLE_SIGNON_AUTHORIZATION;
    }

The plug-in does not affect the user creation process. Also, this plug-in can be used in conjunction with LDAP.
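
An added example, not part of the TIBCO documentation or product code: when isHeaderRequired() returns true, handleLogin receives the extracted HTTP headers in userDetails, and the module should fail closed on anything it cannot validate. The class name HeaderIdentity, the map key SM_USER and the allowed-character policy are assumptions for illustration.

```java
import java.util.Map;
import java.util.regex.Pattern;

/**
 * Added example (not TIBCO code): fail-closed extraction of the user name
 * from the userDetails map that handleLogin(Map) receives.
 * ASSUMPTION: the fronting SSO proxy supplies the identity under the key
 * "SM_USER"; use whatever key your deployment actually delivers.
 */
public final class HeaderIdentity {
    static final String USER_HEADER = "SM_USER"; // assumed key name
    // Conservative allow-list (assumed policy): letters, digits, . _ @ -, 1..64 chars.
    private static final Pattern SAFE_USER = Pattern.compile("[A-Za-z0-9._@-]{1,64}");

    private HeaderIdentity() { }

    /** Returns the validated user name, or null so the caller can fail the login. */
    public static String extractUser(Map<?, ?> userDetails) {
        if (userDetails == null) {
            return null;
        }
        Object raw = userDetails.get(USER_HEADER);
        // Reject absent values and anything that is not a single String
        // (for example a String[] produced by a duplicated header).
        if (!(raw instanceof String)) {
            return null;
        }
        String user = ((String) raw).trim();
        // matches() tests the whole value, so embedded CR/LF, commas, spaces
        // or path separators cause rejection instead of being passed on.
        return SAFE_USER.matcher(user).matches() ? user : null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not captured from a real deployment.
        System.out.println(extractUser(Map.of("SM_USER", "jdoe")));
        System.out.println(extractUser(Map.of("SM_USER", "jdoe\r\nX-Role: admin")));
        System.out.println(extractUser(Map.of("SM_USER", new String[] {"a", "b"})));
        System.out.println(extractUser(Map.of("Other", "jdoe")));
    }
}
```

In handleLogin, return null when extractUser returns null, which the interface defines as an authentication/authorization failure. A header-supplied identity is only meaningful when TIBCO MDM is reachable solely through the SSO proxy that sets it.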

Note: To deploy a custom authentication module, merge the custom module/plugin into the ECM ear.

For more information on how to do this, refer to the TIBCO MDM Installation and Configuration guide (Chapter 3, Installing TIBCO MDM, section "Merge Third Party Libraries with ECM.ear").