Post Processing after NAM Authentication

Post Processing after NAM Authentication

 

1. Introduction

 



NAM Identity Provider authenticates the user based on configured contract, method and authentication class. NAM authentication classes are deployed in IDP servers and running as server-side code.

If you would like to update user’s profile or execute some business logic (post-processing) without stopping or delaying regular login process, follow this solution to create custom authentication class and run post-processing in a separate thread.

 

1.1 Create JAR file and deploy into IDP

 



Write your own post-processing/business logic code inside executePostProcessing() method and create a JAR file from the JAVA Project. Copy the JAR file into /opt/novell/nids/lib/webapp/WEB-INF/lib location of IDP server. You need to restart IDP service after deploying the JAR file.

I have given a sample JAR file here to download. (remove .txt extension after download)

Download MyCustomAuthenticationClass.jar

 

2. Develop Authentication Class

 



 

2.1 Prerequisite

 




    1. Java IDE with JDK 1.7 and above

 

  1. jar, higgins-sts-api_1.0.0.jar (can be copied from IDP server) and servlet-api.jar (can be copied from any web server’s lib directory)



 

2.2 Create Java Project and develop Custom Authentication Class

 



Download attached project and open into eclipse.

Download MyCustomAuthenticationClass.zip

In my example, I have created a custom Authentication Class named MyCustomAuthenticationClass and a Thread class named MyPostProcessing. I have initiated the thread from doAuthenticate() method.

 

2.3 Use Post Processing AuthN Class in IDP

 



Now open Admin Console and follow the below steps to configure class, method, and contract in IDP cluster.


    1. (i) Go to IDP-Cluster -> Local -> Classes and create a new class.





    1. (ii) Go to IDP-Cluster -> Local -> Method and create a new method. Select Class name which is created in above step. Uncheck the “Identifies User” checkbox. We will not use this method to identify any user, the purpose of this method is to execute the post-processing execution code after successful login.



  1. (iii) Go to IDP-Cluster -> Local -> Contracts and create a contract. Choose the first method as original authentication method (the method you want to use for authentication purpose) and choose the second method as the method created in above step.



 

2.4 Assign Contract to Protected Resource

 



Open a proxy service in Access Gateway and assign the contract as an authentication procedure.



 

3. Test the Post Processing

 



Try to access the protected URL and provide valid credentials.



Open IDP log file and you will find following logs:

<amLogEntry> 2018-01-10T22:50:16Z VERBOSE NIDS Application: Executing authentication method MyCustomAuthenticationMethod </amLogEntry>

*******Post Prcessing Thread Started for : kouhal *********

********** Inside Post Processing Class for user: kouhal ********

****************START POST Processing***************

Processing User Update

****************END POST Processing***************

<amLogEntry> 2018-01-10T22:50:16Z VERBOSE NIDS Application: Authentication method MyCustomAuthenticationMethod succeeded </amLogEntry>


 

Labels (2)
Attachments

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
2 of 2
Last update:
‎2020-01-31 11:52
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.