Package com.netscape.cms.authentication

Class UidPwdPinDirAuthentication

    • Field Detail

      • logger

        public static org.slf4j.Logger logger

      • mRequiredCreds

        protected static java.lang.String[] mRequiredCreds

      • mConfigParams

        protected static java.lang.String[] mConfigParams

      • mRemovePin

        protected boolean mRemovePin

      • mPinAttr

        protected java.lang.String mPinAttr

      • mSHADigest

        protected java.security.MessageDigest mSHADigest

      • mMD5Digest

        protected java.security.MessageDigest mMD5Digest

      • mSHA256Digest

        protected java.security.MessageDigest mSHA256Digest

    • Constructor Detail

      • UidPwdPinDirAuthentication

        public UidPwdPinDirAuthentication()
        Default constructor, initialization must follow.

    • Method Detail

      • init

        public void init​(java.lang.String name,
                 java.lang.String implName,
                 AuthManagerConfig config)
          throws EBaseException
        Description copied from class: DirBasedAuthentication
        Initializes the UidPwdDirBasedAuthentication auth manager. Takes the following configuration parameters: 
                ldap.basedn             - the ldap base dn.
        ldap.ldapconn.host      - the ldap host.
        ldap.ldapconn.port      - the ldap port
        ldap.ldapconn.secureConn - whether port should be secure
        ldap.minConns           - minimum connections
        ldap.maxConns           - max connections
        dnpattern               - dn pattern.

        dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.

        The syntax is 

             dnpattern = SubjectNameComp *[ "," SubjectNameComp ]

     SubjectNameComponent = DnComp | EntryComp | ConstantComp
     DnComp = CertAttr "=" "$dn" "." DnAttr "." Num
     EntryComp = CertAttr "=" "$attr" "." EntryAttr "." Num
     ConstantComp = CertAttr "=" Constant
     DnAttr    =  an attribute in the Ldap entry dn
     EntryAttr =  an attribute in the Ldap entry
     CertAttr  =  a Component in the Certificate Subject Name
                  (multiple AVA in one RDN not supported)
     Num       =  the nth value of tha attribute  in the dn or entry.
     Constant  =  Constant String, with any accepted ldap string value.

        Example: 

         dnpattern:
     E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US
 
        
 Ldap entry dn:
     UID=joesmith, OU=people, O=Acme.com
 
        
 Ldap attributes:
     cn: Joe Smith
     sn: Smith
     mail: joesmith@acme.com
     mail: joesmith@redhat.com
     ou: people
     ou: IS
     etc.

        The subject name formulated in the cert will be : 

           E=joesmith@acme.com, CN=Joe Smith, OU=Human Resources, O=Acme.com, C=US

      E = the first 'mail' ldap attribute value in user's entry - joesmithe@acme.com
      CN = the (first) 'cn' ldap attribute value in the user's entry - Joe Smith
      OU = the second 'ou' value in the ldap entry - IS
      O = the (first) 'o' value in the user's entry DN - "Acme.com"
      C = the constant string "US"
        Specified by:
        init in interface AuthManager
        Overrides:
        init in class DirBasedAuthentication
        Parameters:
        name - The name for this authentication manager instance.
        implName - The name of the authentication manager plugin.
        config - - The configuration store for this instance.
        Throws:
        EBaseException - If an error occurs during initialization.

      • verifyPassword

        protected void verifyPassword​(java.lang.String Password)

      • checkpin

        protected void checkpin​(netscape.ldap.LDAPConnection conn,
                        java.lang.String userdn,
                        java.lang.String uid,
                        java.lang.String pin)
                 throws EBaseException,
                        netscape.ldap.LDAPException
        Throws:
        EBaseException
        netscape.ldap.LDAPException

      • getConfigParams

        public java.lang.String[] getConfigParams()
        Returns a list of configuration parameter names. The list is passed to the configuration console so instances of this implementation can be configured through the console.
        Specified by:
        getConfigParams in interface AuthManager
        Specified by:
        getConfigParams in class DirBasedAuthentication
        Returns:
        String array of configuration parameter names.

      • getName

        public java.lang.String getName​(java.util.Locale locale)
        Retrieves the localizable name of this policy.
        Specified by:
        getName in interface ProfileAuthenticator
        Parameters:
        locale - end user locale
        Returns:
        localized authenticator name

      • getText

        public java.lang.String getText​(java.util.Locale locale)
        Retrieves the localizable description of this policy.
        Specified by:
        getText in interface ProfileAuthenticator
        Parameters:
        locale - end user locale
        Returns:
        localized authenticator description

      • getValueNames

        public java.util.Enumeration<java.lang.String> getValueNames()
        Retrieves a list of names of the value parameter.
        Specified by:
        getValueNames in interface ProfileAuthenticator
        Returns:
        a list of property names

      • isValueWriteable

        public boolean isValueWriteable​(java.lang.String name)
        Description copied from interface: ProfileAuthenticator
        Checks if the value of the given property should be serializable into the request. Passsword or other security-related value may not be desirable for storage.
        Specified by:
        isValueWriteable in interface ProfileAuthenticator
        Parameters:
        name - property name
        Returns:
        true if the property is not security related

      • getValueDescriptor

        public IDescriptor getValueDescriptor​(java.util.Locale locale,
                                      java.lang.String name)
        Retrieves the descriptor of the given value parameter by name.
        Specified by:
        getValueDescriptor in interface ProfileAuthenticator
        Parameters:
        locale - user locale
        name - property name
        Returns:
        descriptor of the requested property

      • isSSLClientRequired

        public boolean isSSLClientRequired()
        Description copied from interface: ProfileAuthenticator
        Checks if this authenticator requires SSL client authentication.
        Specified by:
        isSSLClientRequired in interface ProfileAuthenticator
        Returns:
        client authentication required or not