User guide
Developing Java Applications
Table 7-7 Object Classes Associated with the Subject Object

Class Name
    Explanation

com.fujitsu.interstage.sso.auth.ISUserPrincipal
    Indicates the user ID of an authenticated user.

com.fujitsu.interstage.sso.auth.ISRolePrincipal
    Indicates the name of the role to which the user belongs.
    If the user belongs to a role set, roles in the role set are associated as ISRolePrincipal objects. No object is set unless the user belongs to a role.

For JDK1.3: com.sun.security.auth.X500Principal
For JDK1.4: javax.security.auth.x500.X500Principal
    Indicates the unique distinguished name (DN) of the user in the SSO repository.
    There is a difference between JDK1.3 and JDK1.4 in the implementation of the java.security.Principal interface getName method.
    When using the getName method, note the following difference.
    - JDK1.3: A space is inserted immediately after a DN delimiter (comma).
    - JDK1.4: No space is inserted immediately after a DN delimiter (comma).
    Example: Value returned with getName method
    JDK1.3: CN=user001, OU=User, OU=interstage, O=fujitsu, DC=com
    JDK1.4: CN=user001,OU=User,OU=interstage,O=fujitsu,DC=com
The code is shown below.
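import java.security.Principal;
import java.util.Iterator;
import java.util.Set;

// Print the name of every principal associated with the authenticated Subject.
Set principals = subject.getPrincipals();
Iterator iterator = principals.iterator();
while (iterator.hasNext()) {
    Principal principal = (Principal)iterator.next();
    System.out.println("Principal=" + principal.getName());
}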
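The getName formatting difference noted in Table 7-7 matters as soon as a DN string is compared with a stored value, for example an allow-list used in an access decision. The following is an added example, not code from this guide or from Interstage: it compares DNs in canonical form with the standard javax.security.auth.x500.X500Principal class. The class name DnMatchExample, its helper methods and the sample DNs are assumptions for illustration, and the code uses Java 5 or later syntax.

```java
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class DnMatchExample {

    // Canonical RFC 2253 form: no space after commas and case folded, so the
    // JDK1.3-style and JDK1.4-style strings map to the same value.
    static String canonical(String dn) {
        return new X500Principal(dn).getName(X500Principal.CANONICAL);
    }

    // Canonicalize an allow-list once, whatever spacing its entries use.
    // Throws IllegalArgumentException if an entry is not a valid DN.
    static Set<String> loadAllowList(String... dns) {
        Set<String> out = new HashSet<>();
        for (String dn : dns) {
            out.add(canonical(dn));
        }
        return out;
    }

    // True if the subject carries a DN principal that is on the allow-list.
    // Only X500Principal objects are considered, so user ID and role
    // principals are never parsed as DNs.
    static boolean isAllowed(Subject subject, Set<String> allowList) {
        for (X500Principal p : subject.getPrincipals(X500Principal.class)) {
            if (allowList.contains(p.getName(X500Principal.CANONICAL))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample values, matching the two getName examples above.
        String jdk13Style = "CN=user001, OU=User, OU=interstage, O=fujitsu, DC=com";
        String jdk14Style = "CN=user001,OU=User,OU=interstage,O=fujitsu,DC=com";
        String otherUser = "CN=user002, OU=User, OU=interstage, O=fujitsu, DC=com";

        Subject subject = new Subject();
        subject.getPrincipals().add(new X500Principal(jdk14Style));

        // Raw string comparison treats the same DN as two different users.
        System.out.println("naive equals: " + jdk13Style.equals(jdk14Style));
        // Canonical comparison accepts either style and still rejects other DNs.
        System.out.println("same user:    " + isAllowed(subject, loadAllowList(jdk13Style)));
        System.out.println("other user:   " + isAllowed(subject, loadAllowList(otherUser)));
    }
}
```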
Reported User Information
When a business server configuration is used to specify an authentication server of the authentication
destination, the following information (which is retained in the object ISAuthorizationCredential) is
reported when “Yes” is selected for [Notify User Information?] on the Interstage Management Console.
• User DN, role name
• Authentication method
• User UID