Object documentation Login Module Stacks 

Definition

In the J2EE Engine you can use or define groups of login modules that contain different authentication logic. Such groups are referred to as login module stacks. Each login module stack enables you to choose different combinations of authentication for the applications you create, or for each of the components on the J2EE Engine.

Authentication Templates

Predefined login module stacks, which are also referred to as authentication templates, on the J2EE Engine:

·  SAP-J2EE-Engine – this is a default configured login module stack that can be used by everyone.

·  Basic – allows for Basic Authentication, supported by the Web container.

·  Client – allows for client certificate authentication, supported by the Web container.

·  Digest – allows for digest authentication, supported by the Web container.

·  Form  – allows for form authentication, supported by the Web container.

·  Ticket – used for creating and verifying logon tickets.

·  Evaluation assertion ticket – used for verifying assertion tickets (tickets used between systems).

Use

Using the login modules, you can create a login module stack that combines the authentication logic from several modules. Therefore, to perform authentication, the complete set of login modules is processed according to the configuration in the login module stack.

You can set the order in which these login modules are called during the authentication process and the order in which a client can be authenticated to the J2EE Engine. Also, following the JAAS specification, each module is processed according to login module flags. 

Login Modules Flags Description

Flag

Required to Succeed

Description

OPTIONAL

No

Authentication proceeds down the list if the module has succeeded or has failed.

REQUIRED

Yes

Authentication proceeds down the list of modules if the module has succeeded or has failed.

REQUISITE

Yes

If successful, the authentication proceeds down the list, otherwise control returns to the application – that is, the authentication does not proceed.

SUFFICIENT

No

If the authentication is successful, control returns to application; otherwise, the authentication proceeds.

Example

The following table shows how a login module stack is processed based on these flags.

Login Module Stacks Processing

Module

Flag

Pass/Fail

Pass/Fail

Pass/Fail

Module 1

SUFFICIENT

Pass

Fail

Fail

Module 2

REQUISITE

*

Pass

Fail

Module 3

OPTIONAL

*

Pass

*

Overall authentication

 

Pass

Pass

Fail

 

 

 

 

 

Was this page helpful to you?