Installation guide
CHAPTER 6 New Features in EAServer Versions 4.2.3, 4.2.2, 4.2.1, and 4.2
Retrieving additional user session details in a JAAS login module
Beginning in version 4.2.2, EAServer allows you to retrieve additional IIOP or
HTTP user session information when using the JAAS API to install custom
security implementations. For more information, see “Retrieving additional
user session details in a JAAS login module” in Chapter 11, “Using the JAAS
API,” in the EAServer Security Administration and Programming Guide.
Retrieving HTTP session information in a custom authentication service
You can also retrieve additional client session information in custom
authentication services that implement the CtsSecurity::AuthService API. In a
custom authentication component implemented in Java, you can call the
com.sybase.jaguar.server.Jaguar.getHttpServletRequest() method to retrieve the
HTTP servlet request (if any) that triggered the authentication event. This
method returns null if the authentication event is not associated with an HTTP
request (for example, if the authentication is for a component invocation).
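The following helper is an added example, not code from the EAServer documentation: it shows one way a custom authentication component could record where an authentication event came from, covering the null case described above. The class name AuthAuditContext and its methods are hypothetical, and the example assumes that getHttpServletRequest() is static and returns a javax.servlet.http.HttpServletRequest.

```java
import javax.servlet.http.HttpServletRequest;
import com.sybase.jaguar.server.Jaguar;

/** Hypothetical helper (not part of EAServer) for a custom authentication component. */
public final class AuthAuditContext {

    private static final int MAX_LEN = 200;

    private AuthAuditContext() {}

    /** Returns a one-line description of the transport behind the current authentication event. */
    public static String describe() {
        // Assumption: static method returning javax.servlet.http.HttpServletRequest.
        HttpServletRequest req = Jaguar.getHttpServletRequest();
        if (req == null) {
            // No HTTP request triggered this event, for example a component invocation.
            return "transport=non-http";
        }
        StringBuffer sb = new StringBuffer("transport=http");
        sb.append(" remoteAddr=\"").append(clean(req.getRemoteAddr())).append('"');
        sb.append(" secure=").append(req.isSecure());
        sb.append(" method=\"").append(clean(req.getMethod())).append('"');
        sb.append(" uri=\"").append(clean(req.getRequestURI())).append('"');
        sb.append(" userAgent=\"").append(clean(req.getHeader("User-Agent"))).append('"');
        return sb.toString();
    }

    /**
     * Request values are client-controlled: cap their length and replace control
     * characters and quotes so a value cannot forge or split an audit log line.
     */
    static String clean(String value) {
        if (value == null) {
            return "-";
        }
        int max = Math.min(value.length(), MAX_LEN);
        StringBuffer out = new StringBuffer(max);
        for (int i = 0; i < max; i++) {
            char c = value.charAt(i);
            out.append(Character.isISOControl(c) || c == '"' ? '?' : c);
        }
        return out.toString();
    }
}
```

Treat the returned string as audit context only; values such as the User-Agent header are supplied by the client and should not drive the authentication decision.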
Supporting external single sign-on providers
EAServer 4.2.2 allows integration with external single sign-on authentication
software such as Netegrity SiteMinder. EAServer 4.2.2 includes custom
security components to support Netegrity, and you can implement support for
other services by implementing your own custom security components.
A new API, CtsSecurity::CallerPrincipalService, allows you to implement a
component that tells EAServer the effective user ID when authentication
occurs outside of EAServer. For details on creating and installing a caller
principal service, see the HTML reference documentation for this interface in
file html/ir/CtsSecurity.html in your EAServer installation directory.
The com.sybase.jaguar.server.http.sso server property specifies whether
sign-on occurs externally. Set this property to true if you are using an external
single sign-on provider.