The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.


The Multi Context Broker uses Spring to load several beans used by the login handler:

  • A configuration bean
  • Multiple beans representing the authentication submodules

A complete example is attached to this page for your reference. The rest of this page will cover individual beans used in the file.

Authentication Bean

Authentication beans represent the submodules used to authenticate users. They must implement the edu.internet2.middleware.assurance.mcb.authn.provider.MCBSubmodule interface. The interface itself is defined as:

    public interface MCBSubmodule extends BeanNameAware {

        /**
         * Display the necessary login form.
         *
         * @param servlet
         * @param request
         * @param response
         * @return true if the login form display was handled.
         * @throws AuthenticationException
         * @throws LoginException
         */
        boolean displayLogin(MCBLoginServlet servlet, HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, LoginException;

        /**
         * Process the login. Validate credentials and return a true/false success status.
         *
         * @param servlet
         * @param request
         * @param response
         * @return true if the login was successful.
         * @throws AuthenticationException
         * @throws LoginException
         */
        boolean processLogin(MCBLoginServlet servlet, HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, LoginException;

        /**
         * Called during startup to allow any one-time initialization to occur.
         */
        void init();

        public String getBeanName();
    }

Because MCBSubmodule extends BeanNameAware, Spring passes each submodule the bean name configured for it in your mcb-spring.xml file. When building your own submodules, you may also define constructors so that runtime information can be passed in from the Spring configuration as constructor arguments, using normal Spring syntax.

The bean definition itself for the included JAAS based username/password submodule is:

    <!-- This bean represents an authentication submodule -->
    <bean id="mcb.usernamepassword" class="edu.internet2.middleware.assurance.mcb.authn.provider.JAASLoginSubmodule">
        <constructor-arg index="0" value="ShibUserPassAuth" />
        <constructor-arg index="1" value="jaaslogin.vm" />
    </bean>

The bean id value must be unique for each submodule you define. However, the same submodule class can back multiple beans, so you could have two or more JAASLoginSubmodule beans in your file. The standard JAAS submodule needs two constructor arguments. The first is the JAAS configuration name (from the standard login.config file) that will be used. The second is the name of the Velocity template to use for the login page.

Configuration Bean

The configuration bean represents the data that is in the MCB multi-context-broker.xml configuration file. By loading it as a bean, the configuration information is available to all parts of the MCB at runtime.

    <!-- This bean is our configuration object representing the custom configuration file -->
    <bean id="mcb.Configuration" class="edu.internet2.middleware.assurance.mcb.authn.provider.MCBConfiguration">
        <constructor-arg
            value="/opt/shibboleth-idp/conf/multi-context-broker.xml" />
        <constructor-arg>
            <list>
                <ref bean="mcb.usernamepassword" />
                <ref bean="mcb.usernamepasswordbronze" />
                <ref bean="mcb.usernamepasswordsilver" />
                <ref bean="mcb.token" />
            </list>
        </constructor-arg>
        
    </bean>

The bean needs two constructor arguments. The first is the path to the configuration file. The standard name for this file is multi-context-broker.xml, but you may use any name you like as long as it is given here. The second constructor argument is a list of the authentication beans you have defined in the file. You must list all of them.
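A consistency check for the two rules above (bean ids must be unique, and every authentication bean must appear in the configuration bean's list), as an added example that is not part of the MCB distribution. It assumes every bean in the file other than the MCBConfiguration bean is a submodule; the sample XML, including the JAAS name ShibUserPassAuthSilver, is constructed.

```python
import xml.etree.ElementTree as ET

CONFIG_CLASS = "edu.internet2.middleware.assurance.mcb.authn.provider.MCBConfiguration"

# Constructed sample: the list references an undefined bean (mcb.token)
# and omits a defined one (mcb.usernamepasswordsilver).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="mcb.usernamepassword"
        class="edu.internet2.middleware.assurance.mcb.authn.provider.JAASLoginSubmodule">
    <constructor-arg index="0" value="ShibUserPassAuth" />
    <constructor-arg index="1" value="jaaslogin.vm" />
  </bean>
  <bean id="mcb.usernamepasswordsilver"
        class="edu.internet2.middleware.assurance.mcb.authn.provider.JAASLoginSubmodule">
    <constructor-arg index="0" value="ShibUserPassAuthSilver" />
    <constructor-arg index="1" value="jaaslogin.vm" />
  </bean>
  <bean id="mcb.Configuration"
        class="edu.internet2.middleware.assurance.mcb.authn.provider.MCBConfiguration">
    <constructor-arg value="/opt/shibboleth-idp/conf/multi-context-broker.xml" />
    <constructor-arg><list>
      <ref bean="mcb.usernamepassword" />
      <ref bean="mcb.token" />
    </list></constructor-arg>
  </bean>
</beans>"""


def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def check_mcb_spring(xml_text):
    """Return the wiring problems found in an mcb-spring.xml document."""
    root = ET.fromstring(xml_text)
    beans = [e for e in root.iter() if local(e.tag) == "bean"]
    ids = [b.get("id") for b in beans if b.get("id")]
    configs = [b for b in beans if b.get("class") == CONFIG_CLASS]
    if len(configs) != 1:
        raise ValueError("expected exactly one MCBConfiguration bean")
    listed = [r.get("bean") for r in configs[0].iter() if local(r.tag) == "ref"]
    # Assumption: every bean other than the configuration bean is a submodule.
    submodules = [i for i in ids if i != configs[0].get("id")]
    return {
        "duplicate_ids": sorted({i for i in ids if ids.count(i) > 1}),
        "dangling_refs": sorted(set(listed) - set(submodules)),
        "unlisted_submodules": sorted(set(submodules) - set(listed)),
    }
```

To check a deployed file, pass its contents to check_mcb_spring and treat any non-empty list in the result as a configuration error to fix before restarting the IdP.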

 

 
