
The Shibboleth 2.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP30 and SP3 wiki spaces for current documentation on the supported versions.


The Multi Context Broker uses Spring to load several beans used by the login handler:

  • A configuration bean
  • Multiple beans representing the authentication submodules

A complete example is attached to this page for your reference. The rest of this page will cover individual beans used in the file.

Authentication Bean

Authentication beans represent the submodules used to authenticate users. They must implement the edu.internet2.middleware.assurance.mcb.authn.provider.MCBSubmodule interface. The interface itself is defined as:

    public interface MCBSubmodule extends BeanNameAware {

        /**
         * Display the necessary login form.
         *
         * @param servlet
         * @param request
         * @param response
         * @return true if the login form display was handled.
         * @throws AuthenticationException
         * @throws LoginException
         */
        boolean displayLogin(MCBLoginServlet servlet, HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, LoginException;

        /**
         * Process the login. Validate credentials and return a true/false success status.
         *
         * @param servlet
         * @param request
         * @param response
         * @return true if the login was successful.
         * @throws AuthenticationException
         * @throws LoginException
         */
        boolean processLogin(MCBLoginServlet servlet, HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, LoginException;

        /**
         * Called during startup to allow any one-time initialization to occur.
         */
        void init();

        public String getBeanName();
    }

Because each submodule is defined as a Spring bean, it receives its configured bean name from your mcb-spring.xml file. When building your own submodules, you may also define constructors so that runtime information can be passed in as constructor arguments using normal Spring syntax.

The bean definition for the included JAAS-based username/password submodule is:

    <!-- This bean represents an authentication submodule -->
    <bean id="mcb.usernamepassword" class="edu.internet2.middleware.assurance.mcb.authn.provider.JAASLoginSubmodule">
        <constructor-arg index="0" value="/opt/shibboleth-idp/conf/login.config" />  <!-- The JAAS configuration file -->
        <constructor-arg index="1" value="MCBUserPassAuth" />  <!-- The JAAS configuration name -->
        <constructor-arg index="2" value="jaaslogin.vm" />  <!-- The login page to display -->
        <constructor-arg index="3" value="false" />  <!-- Set to true if using JSP login page (parameter defaults to false if not supplied) -->
    </bean>

The bean id value must be unique for each submodule you define. However, the same submodule class can back multiple beans (meaning you could have two or more JAASLoginSubmodules in your file). The standard JAAS submodule takes three required constructor arguments and an optional fourth. The first is the JAAS configuration file itself, the second is the JAAS configuration name (from the configuration file in parameter 1) that will be used, and the third is the name of the Velocity template to use for the login page. If the fourth parameter is supplied and has a value of true, the login page template named in parameter three is assumed to be a JSP page and is processed as such.

Configuration Bean

The configuration bean represents the data that is in the MCB multi-context-broker.xml configuration file. By loading it as a bean, the configuration information is available to all parts of the MCB at runtime.

    <!-- This bean is our configuration object representing the custom configuration file -->
    <bean id="mcb.Configuration" class="edu.internet2.middleware.assurance.mcb.authn.provider.MCBConfiguration">
        <constructor-arg
            value="/opt/shibboleth-idp/conf/multi-context-broker.xml" />
        <constructor-arg>
            <list>
                <ref bean="mcb.usernamepassword" />
                <ref bean="mcb.usernamepasswordbronze" />
                <ref bean="mcb.usernamepasswordsilver" />
                <ref bean="mcb.token" />
            </list>
        </constructor-arg>
        
    </bean>

The bean needs two constructor arguments. The first is the path to the configuration file. The standard name for this file is multi-context-broker.xml, but you may use any name you like as long as it is given here. The second constructor argument is a list of the authentication beans you have previously defined in the file. You must list all of them.
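A preflight check for the two rules stated above (each bean id is unique, and every authentication bean is listed in the configuration bean) can be run against mcb-spring.xml before deployment. The following is an added example, not part of the MCB distribution; the function names and the sample XML are constructed, and it assumes every bean in the file other than the configuration bean is an authentication submodule.

```python
import xml.etree.ElementTree as ET

PKG = "edu.internet2.middleware.assurance.mcb.authn.provider."
CONFIG_CLASS = PKG + "MCBConfiguration"

# Constructed sample: mcb.token is defined but not listed, and the list
# references mcb.usernamepasswordsilver, which is not defined in this file.
SAMPLE = f"""<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="mcb.usernamepassword" class="{PKG}JAASLoginSubmodule"/>
  <bean id="mcb.token" class="{PKG}JAASLoginSubmodule"/>
  <bean id="mcb.Configuration" class="{CONFIG_CLASS}">
    <constructor-arg value="/opt/shibboleth-idp/conf/multi-context-broker.xml"/>
    <constructor-arg><list>
      <ref bean="mcb.usernamepassword"/>
      <ref bean="mcb.usernamepasswordsilver"/>
    </list></constructor-arg>
  </bean>
</beans>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def lint_mcb_spring(xml_text):
    """Return a list of problems found in the text of an mcb-spring.xml file."""
    beans = [e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "bean"]
    problems, seen = [], set()
    for bean in beans:
        bean_id = bean.get("id")
        if bean_id is not None and bean_id in seen:
            problems.append(f"duplicate bean id: {bean_id}")
        seen.add(bean_id)
    configs = [b for b in beans if b.get("class") == CONFIG_CLASS]
    if len(configs) != 1:
        return problems + [f"expected 1 configuration bean, found {len(configs)}"]
    listed = {r.get("bean") for r in configs[0].iter() if local(r.tag) == "ref"}
    # Assumption: every other bean with an id is an authentication submodule.
    defined = {b.get("id") for b in beans if b is not configs[0] and b.get("id")}
    for bean_id in sorted(defined - listed):
        problems.append(f"submodule not listed in configuration bean: {bean_id}")
    for bean_id in sorted(listed - defined):
        problems.append(f"configuration bean lists undefined bean: {bean_id}")
    return problems

if __name__ == "__main__":
    for problem in lint_mcb_spring(SAMPLE):
        print(problem)
```

An empty result means the file satisfies both rules; it does not confirm that the referenced JAAS or multi-context-broker.xml files exist or are valid.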

 

 
