USE CASE
How can we save custom data into session store during user authentication and access it later during authorization
The custom data could be an additional user input captured during user login or via some external web service call during custom authentication.
CHALLENGE:
Data couldn’t be saved into a session store during the authentication process (say inside a custom authentication class ) because at this stage even if the Session ID is created for the user session an entry is not created in the session store.
Otherwise a simplistic solution would have been to invoke com.netegrity.policyserver.smapi.SmSessionServer.setVariable() API from within the custom authentication class.
SOLUTION :
- Temporarily save the custom data into the AppSpecificContext element of the APIContext from the custom authentication scheme.
- Create an ActiveResponse to read the custom data from the AppSpecificContext.
- Create a Response attribute of type “WebAgent-OnAuthAccept-Session-Variable” and assign the value returned from an ActiveResponse above.
- Create an OnAuthAccept rule and attach the Response attribute created above.
- Create a Response to read the data from Session Store and attach it to OnAccessAccept rule to set it as HTTP header variable.
INSTRUCTION :
- Modify the attached custom authentication scheme class (CustomAuthSetAppSpecificContextData.java) as required to the save the desired custom data into the AppSpecificContext element as below.
1 2 3 4 5 6 7 | //Set AppSpecific Context Data here. This could be a data read from external web service call or user provided input variable
try
{
APIContext apiContext = context.getAPIContext();
AppSpecificContext appContext = apiContext.getAppSpecificContext();
appContext.setData(new String("Test App Sepcific Context Data").getBytes());
}
|
- (Optional ) Modify the attached custom ActiveResponse class (ReadAppSpecificContextVar.java) for any additional logic (if needed). Here is the code snippet where it reads the data from AppSpecificContext and return to the caller :
1 2 3 4 5 6 7 8 9 10 11 12 | // Check if the app specific data is set
try
{
APIContext apiContext = context.getAPIContext();
AppSpecificContext appContext = apiContext.getAppSpecificContext();
byte[] data = appContext.getData();
if (data != null)
{
logInPSTrace(apiContext, "Context Data : " + new String(data));
return new String(data);
}
}
|
- Create a custom authentication scheme as below :
- Library : smjavaapi
- Secret : Any string value
- Confirm secret : Any string value
- Parameter : <Custom auth classname> <custom login page>
- Create a Response attribute of type “WebAgent-OnAuthAccept-Session-Variable” and assign the value returned from an ActiveResponse as below. This will be triggered during OnAuthAccept event to set the custom data into the session store.
- Create a Response attribute of type “WebAgent-HTTP-Header-Variable” and assign the value read from Session Store (set earlier) as below. This will be triggered during OnAcccess event.
- Change realm to persistent, change the Authentication scheme to custom & create OnAuthAccept, OnAccessAccept rules as below :
- Link OnAuthAccept rule and the corresponding Response to create to set custom data in session store.
- Link OnAccessAccept rule and the corresponding Response to read the data from session store and set it as HTTP header variable
- Compile both the custom class and deploy them to <PS_Install_directory>siteminder\config\properties
- Restart Policy server
TEST :
ATTACHMENT :
- Custom Auth scheme.
- Custom Active Response.
- Sample index.asp to print all HTTP headers.
- SetSessionVar