User guide

Developing Java Applications
| Setup Items | Required? | Explanation |
|---|---|---|
| Creating login configuration file | Required | Create a login configuration file corresponding to the entry name specified when instantiating LoginContext. |
| Creating security policy file | Required to use the JAAS authorization function | Create a file in which the security policy for JavaVM operation is written. |
| Creating trust store file | Required | Created when a certificate is registered in an Interstage certificate environment. |
| Setting access permission for operated resources | Required | Specify the access permission for the login configuration, trust store, and security policy files. For security reasons, it is recommended that permission settings be minimized. |
| Registering protection resources | Not Required | - |
| Executing application | Required | Set the JavaVM options. |
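
The setup items above recommend minimizing access permissions on the login configuration, trust store, and security policy files. As an added example (not part of the Interstage documentation), the script below audits those files on a Unix-like host with POSIX permissions; the file names in the usage comment are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: audit the JAAS setup files for permissions wider than owner-only.
# Usage (file names are hypothetical placeholders, not Interstage defaults):
#   sh audit_jaas_perms.sh ./login.conf ./jaas.policy ./truststore

# check_minimal FILE
# Returns 0 only if FILE is a regular file (not a symlink) with no group/other
# permission bits, in a directory that group/other cannot write to.
check_minimal() {
    target=$1
    if [ -L "$target" ]; then
        echo "FAIL $target: symbolic link, audit the real file instead"
        return 1
    fi
    if [ ! -f "$target" ]; then
        echo "FAIL $target: missing or not a regular file"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld -- "$target" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "FAIL $target: group/other bits are '$bits', expected '------'"
        return 1
    fi
    # A directory writable by group/other lets someone replace the file.
    dirbits=$(ls -ld -- "$(dirname "$target")" | cut -c6,9)
    case $dirbits in
        *w*) echo "FAIL $target: parent directory is group/other writable"
             return 1 ;;
    esac
    echo "OK   $target"
}

# audit_jaas_files FILE...
# Checks every file and returns non-zero if any one of them fails.
audit_jaas_files() {
    rc=0
    for item in "$@"; do
        check_minimal "$item" || rc=1
    done
    return $rc
}

if [ "$#" -gt 0 ]; then
    audit_jaas_files "$@"
fi
```

The script exits non-zero when any file fails, so it can gate a deployment step or run as a periodic check.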
Notes
The JAAS authorization function cannot be used with a servlet.
If “certificate authentication” or “password authentication and certificate authentication” is
registered in the SSO repository as the user information authentication method for a user, the user
ID of the user cannot be authenticated. If “password authentication or certificate authentication” is
specified as the user authentication method, certificate authentication cannot be used.
The application cannot be used if the SSL setting for the Web server in which the authentication
server is set up specifies that a client certificate must always be authenticated.
The following message is displayed in the authentication server access log on authentication. This
message can be ignored as it does not indicate an operating error.
192.168.10.10 - SSO-JavaAPI - unknown [2003/11/10 13:05:45 +XXXX] -"unknown"
Authentication(unknown) failed. (User's ID/password and certificate do not
exist.)
Note
"+XXXX" indicates the time difference from UTC (Coordinated Universal Time). If "-XXXX" is shown instead, it has the
same meaning.
Developing Programs
This section explains how to develop a program that uses the single sign-on JavaAPI. The single sign-
on JavaAPI uses the JAAS framework.
The sample code ISSsoJaas.java is shown below as an example. In this example, a user ID/password
entered from a business server window is authenticated against an authentication server, and JAAS
authorization is performed according to the security policy.