Post Processing after NAM Authentication



1. Introduction


The NAM Identity Provider (IDP) authenticates the user based on the configured contract, method, and authentication class. NAM authentication classes are deployed on the IDP servers and run as server-side code.

If you would like to update the user's profile or execute some business logic (post-processing) without stopping or delaying the regular login process, follow this solution to create a custom authentication class and run the post-processing in a separate thread.


1.1 Create JAR file and deploy into IDP


Write your own post-processing/business logic code inside the executePostProcessing() method and create a JAR file from the Java project. Copy the JAR file into the /opt/novell/nids/lib/webapp/WEB-INF/lib directory of the IDP server. You need to restart the IDP service after deploying the JAR file.

I have provided a sample JAR file here to download (remove the .txt extension after downloading).

Download MyCustomAuthenticationClass.jar


2. Develop Authentication Class



2.1 Prerequisite


    1. Java IDE with JDK 1.7 and above

    2. jar, higgins-sts-api_1.0.0.jar (can be copied from IDP server) and servlet-api.jar (can be copied from any web server’s lib directory)


2.2 Create Java Project and develop Custom Authentication Class


Download the attached project and open it in Eclipse.


In my example, I have created a custom authentication class named MyCustomAuthenticationClass and a thread class named MyPostProcessing. The thread is started from the doAuthenticate() method.
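The pattern described above, as an added sketch that is not the code from the attached project. The NAM base class is not shown on this page, so the static doAuthenticate(String) signature, the AUTHENTICATED constant and the class name PostProcessingSketch are stand-ins. A bounded thread pool is substituted for starting a raw thread per login, so a burst of logins cannot exhaust threads in the IDP JVM.

```java
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;

public class PostProcessingSketch {
    static final int AUTHENTICATED = 1; // stand-in return code (assumption, not NAM's constant)

    // Bounded pool: at most 4 workers and 100 queued jobs. Excess jobs are
    // rejected instead of creating more threads inside the IDP process.
    static final ThreadPoolExecutor POOL = new ThreadPoolExecutor(
            2, 4, 30, TimeUnit.SECONDS, new ArrayBlockingQueue<Runnable>(100));

    // Counterpart of the page's MyPostProcessing thread class.
    static final class MyPostProcessing implements Runnable {
        private final String userName; // pass the identity only, never the password
        MyPostProcessing(String userName) { this.userName = userName; }

        @Override public void run() {
            try {
                executePostProcessing();
            } catch (RuntimeException e) {
                // A failure stays in the worker and cannot affect the login result.
                System.err.println("Post-processing failed for " + userName + ": " + e);
            }
        }

        void executePostProcessing() {
            System.out.println("Processing User Update for " + userName);
        }
    }

    // Counterpart of doAuthenticate() in the second, non-identifying method.
    static int doAuthenticate(String authenticatedUser) {
        try {
            POOL.execute(new MyPostProcessing(authenticatedUser));
        } catch (RejectedExecutionException e) {
            // Queue full: skip the optional work rather than block or fail the login.
            System.err.println("Post-processing skipped for " + authenticatedUser);
        }
        return AUTHENTICATED; // returns immediately; the login is not delayed
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("result=" + doAuthenticate("kouhal")); // sample user from the page's log
        POOL.shutdown();
        POOL.awaitTermination(5, TimeUnit.SECONDS);
    }
}
```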


2.3 Use Post Processing AuthN Class in IDP


Now open the Admin Console and follow the steps below to configure the class, method, and contract in the IDP cluster.

    (i) Go to IDP-Cluster -> Local -> Classes and create a new class.

    (ii) Go to IDP-Cluster -> Local -> Method and create a new method. Select the class name created in the step above. Uncheck the “Identifies User” checkbox. This method is not used to identify a user; its purpose is to run the post-processing code after a successful login.

    (iii) Go to IDP-Cluster -> Local -> Contracts and create a contract. Choose the original authentication method (the method you want to use for authentication) as the first method, and the method created in the step above as the second method.


2.4 Assign Contract to Protected Resource


Open a proxy service in Access Gateway and assign the contract as an authentication procedure.


3. Test the Post Processing


Try to access the protected URL and provide valid credentials.

Open the IDP log file and you will find the following log entries:

<amLogEntry> 2018-01-10T22:50:16Z VERBOSE NIDS Application: Executing authentication method MyCustomAuthenticationMethod </amLogEntry>

*******Post Prcessing Thread Started for : kouhal *********

********** Inside Post Processing Class for user: kouhal ********

****************START POST Processing***************

Processing User Update

****************END POST Processing***************

<amLogEntry> 2018-01-10T22:50:16Z VERBOSE NIDS Application: Authentication method MyCustomAuthenticationMethod succeeded </amLogEntry>


