Sun(TM) Microsystems, Inc.

OpenAM Server - Policy Plugin Samples


How to implement and use custom implementations for Subject, Condition, Referral and ResponseProvider interfaces?

    The OpenAM policy framework defines the Subject, Condition, Referral and ResponseProvider interfaces so that developers can implement their own plugins to extend its functionality. This sample illustrates the steps involved.

  1. Write Java source files implementing the Subject, Condition, Referral or ResponseProvider interface. See the sample files: SampleSubject.java, SampleCondition.java, SampleReferral.java, SampleResponseProvider.java

  2. Compile the source files to create class files. Include opensso.jar and opensso-sharedlib.jar in the classpath at compilation time.

  3. Package the compiled classes into a jar file; let us call it policy-plugins.jar.

  4. Explode the opensso.war file.

  5. Add the policy-plugins.jar file to the WEB-INF/lib directory. You could alternatively copy the custom plugin classes to WEB-INF/classes, maintaining the directory structure corresponding to the Java package of the plugin classes.

  6. Update WEB-INF/classes/amPolicy.properties to add l10n values for the new i18n keys used by iPlanetAMPolicyService.

    Note: The new i18n keys and their respective values referred to here are the ones you would be using in "amPolicy_mod.xml" at step 9.

  7. Update WEB-INF/classes/amPolicyConfig.properties to add l10n values for the new i18n keys used by iPlanetAMPolicyConfigService.

    Note: The new i18n keys and their respective values referred to here are the ones you would be using at step 10.

  8. Recreate the war file and redeploy it.

    Steps 1 through 8 have already been taken care of for the sample plugins included in the OpenAM distribution.

  9. Register the new plugins with iPlanetAMPolicyService using the ssoadm command. This assumes the password.txt file contains the password of amadmin:

    ssoadm create-svc -X amPolicy_mod.xml -u amadmin -f password.txt

    See the sample amPolicy_mod.xml. Notice the new i18n keys referred to in the XML file. Corresponding l10n values should be added in amPolicy.properties.

  10. Register the new plugins as choice values in iPlanetAMPolicyConfigService using the ssoadm command.

  • ssoadm set-attr-choicevals -s iPlanetAMPolicyConfigService -t Organization -a iplanet-am-policy-selected-subjects -k a160=SampleSubject -u amadmin -f password.txt

  • ssoadm set-attr-choicevals -s iPlanetAMPolicyConfigService -t Organization -a iplanet-am-policy-selected-conditions -k a161=SampleCondition -u amadmin -f password.txt

  • ssoadm set-attr-choicevals -s iPlanetAMPolicyConfigService -t Organization -a iplanet-am-policy-selected-referrals -k a162=SampleReferral -u amadmin -f password.txt

  • ssoadm set-attr-choicevals -s iPlanetAMPolicyConfigService -t Organization -a sun-am-policy-selected-responseproviders -k a163=SampleResponseProvider -u amadmin -f password.txt

  11. Optionally register the new plugins as enabled for the selected realm using the ssoadm command.

  • ssoadm add-attr-defs -s iPlanetAMPolicyConfigService -t Organization -a iplanet-am-policy-selected-subjects=SampleSubject -u amadmin -f password.txt

  • ssoadm add-attr-defs -s iPlanetAMPolicyConfigService -t Organization -a iplanet-am-policy-selected-conditions=SampleCondition -u amadmin -f password.txt

  • ssoadm add-attr-defs -s iPlanetAMPolicyConfigService -t Organization -a iplanet-am-policy-selected-referrals=SampleReferral -u amadmin -f password.txt

  • ssoadm add-attr-defs -s iPlanetAMPolicyConfigService -t Organization -a sun-am-policy-selected-responseproviders=SampleResponseProvider -u amadmin -f password.txt

    You can also use the OpenAM console to do the previous step: log in as amadmin or as the administrator of the realm, navigate to the realm, then Services, then Policy Configuration, and enable or disable the selection of the plugin. You would have to do this step using the console for realms that have already been created.

  12. Restart the webapp or the container.

  13. You can now add instances of the new plugins while defining policies, using either the console or the ssoadm command. The new plugins would be available as choices in the appropriate policy management pages in the console.

  14. To prevent the custom plugins from being newly added to policies, use the OpenAM console: navigate to Access Control > Realm > Services | Policy Configuration, deselect the appropriate custom plugins, and save the Policy Configuration properties page for existing realms. If you navigate to Configuration > Global > Policy Configuration and do this, the custom plugins would be deselected for the realms that would be created subsequently.

  15. Copy the custom plugin classes to <TOOLS_HOME>/classes, maintaining the directory structure corresponding to the Java package of the plugin classes. You can copy the classes of the bundled custom sample plugins from the exploded openam.war, under WEB-INF/classes/com/sun/identity/samples/policy. This is required if you would use ssoadm to export or add policies.

    Note: <TOOLS_HOME> is the ssoadm home directory from which you would be running the ssoadm CLI tool.
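
Steps 6 and 9 require every i18n key referenced in amPolicy_mod.xml to have an l10n value in amPolicy.properties. The script below is an added example, not part of the OpenAM distribution or its samples, that lists the keys still missing a value. The function names, the XML fragment and the keys x101 to x103 are constructed for illustration; only the i18nKey attributes matter to the check.

```shell
#!/bin/sh
# Added example (not part of the OpenAM distribution): report i18nKey values
# used in a service XML file that have no entry in a .properties file.

# Distinct non-empty i18nKey attribute values in XML file $1.
xml_i18n_keys() {
    grep -o 'i18nKey="[^"]*"' "$1" | sed 's/^i18nKey="//; s/"$//' |
        grep -v '^$' | sort -u
}

# Keys defined in Java properties file $1 (key=value or key:value lines;
# comment lines starting with # or ! are skipped).
props_keys() {
    sed -n 's/^[[:space:]]*\([^#!=:[:space:]][^=:[:space:]]*\)[[:space:]]*[=:].*/\1/p' "$1" |
        sort -u
}

# Print keys used in XML $1 but undefined in properties $2.
# Exit status: 0 if none are missing, 1 otherwise.
missing_i18n_keys() {
    defined=$(mktemp) || return 2
    props_keys "$2" > "$defined"
    missing=$(xml_i18n_keys "$1" | grep -vxF -f "$defined" || true)
    rm -f "$defined"
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
}

# Constructed sample input: keys x101..x103 are placeholders, and the
# properties file deliberately omits x103.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/amPolicy_mod.xml" <<'EOF'
<PluginSchema name="SampleSubject" interfaceName="Subject" i18nKey="x101"/>
<PluginSchema name="SampleCondition" interfaceName="Condition" i18nKey="x102"/>
<PluginSchema name="SampleReferral" interfaceName="Referral" i18nKey="x103"/>
EOF
    cat > "$dir/amPolicy.properties" <<'EOF'
# l10n values for the sample plugins
x101=Sample Subject
x102 = Sample Condition
EOF
    status=0
    missing_i18n_keys "$dir/amPolicy_mod.xml" "$dir/amPolicy.properties" || status=$?
    rm -rf "$dir"
    return "$status"
}
```

Calling `missing_i18n_keys amPolicy_mod.xml WEB-INF/classes/amPolicy.properties` before recreating the war file in step 8 shows which keys still need a value; a non-zero exit status means at least one is missing.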