OpenSSO Custom Auth Module

getP Auth Module README

Author:   Jeff Nester
Purpose:   To demonstrator how to write and deploy a custom authentication module in Open SSO 8.0
Notes:   This login module determines the username by extracting it from the Servlet Request userName parameter. This module does not require a password.

The original purpose of this example was to create an authentication module that would extract a header variable passed in by the network router. The user was validated by the router and an attributed placed in the request header. Since this user cleared the router the user is considered valid and the module authenticates the user to OpenSSO.

Since it is more difficult to demonstrate a header variable being passing in, I changed the module to use a parameter instead.

The url to log in would look like:

NOTE: This assumes that the famAdminTools have been configured.
  1. Untar the getP_Provider.tar file to a know location
  2. cd getP_Provider
  3. modify the shell script by changing the the export lines in the script to point to your specific locations:

        # PASSWORD_FILE points to a file that contains the amadmin password
        export PASSWORD_FILE=/password

        # OPENSSO_DIR is the location where the file was unzipped
        export OPENSSO_DIR=/opensso

        # Set the GLASSFISH_BASE to the location of your GlassFish install folder
        export GLASSFISH_BASE=/glassfish

        # Set JAVA_HOME to be your JAVA Home
        export JAVA_HOME=/usr/jdk/instances/jdk1.5.0

  4. ./install
  5. Test it out by going to

Instructions for configuring famAdminTools:
The famAdminTools are configured by doing the following:
  1. locate the file. This should be in the folder where the was unzipped. If you unzipped it to /opensso then go to /opensso/tools.
  2. export JAVA_HOME=/usr/jdk/{your java}
  3. ./setup

Files List: - international definitions - java code that defines the authentication module - java code that defines the Principal object needed
getPService.xml - This file defines the service that has to be added to OpenSSO for the new module
getP.xml - an empty file that the login module uses to NOT do call backs - shell script to compile and deploy the module - shell script to remove the module - shell script to set the necessary variables for the other scripts to run. This one needs to be modified before executing or
Makefile - Make file to compile the code