To develop authentication user exits, you must develop OSGi services that include the provided user exit APIs.
Before you begin
You must be an experienced programmer in Java™, Open Services Gateway Initiative (OSGi) services, and OSGi bundles. The BusinessDocument public user exit Java API must be exported as an OSGi service in your OSGi bundle.
About this task
To develop an authentication user exit OSGi service:
Procedure
- Locate the Members\resources\userexits installation directory.
- Set up your development environment.
- Download the user exit API JAR file from the Members\resources\userexits installation directory.
- Verify that your integrated development environment (IDE) is configured for OSGi development.
- Optional: Download the latest Eclipse IDE and either Equinox SDK or Apache Aries: Maven Plug-in.
- Optional: Download the latest WebSphere® Application Server V7 Feature pack for OSGi Applications and JPA 2.0.
- Modify your /META-INF/MANIFEST.MF file to match your implementation.
- Optional: For Maven plug-in implementations, modify your /META-INF/pom.xml and META-INF/pom.properties files to match your implementation.
- Optional: For Blueprint Container implementations, modify your /OSGI-INF/blueprint.xml file to match your implementation.
- Implement the Authentication user exit API.
- AuthenticationUserExitHandler
- Develop user exit authentication for embedded (full) X.509 certificate, SAML token, or user name token during the authentication process flow.
- BusinessDocument
- The BusinessDocument is used to handle the message, payload, attachments, transport headers, and message properties in the process flow. You must also use the BusinessDocument API to invoke the UserExitKeyPair API and retrieve the owner UserExitKeyPair for decryption of the SAML token.
- Debug your standard OSGi components in your local IDE.
Restriction: User exits cannot be tested in your local development environment. You must deploy the user exit OSGi services on the system for testing.
- Update the service ID in the SystemConfigurationSYSLoader.properties file.
- Locate the Members\resources installation directory.
- Edit the SystemConfigurationSYSLoader.properties file with the unique service ID.
- USEREXIT_AUTHENTICATION_OUTBOUND_SERVICEID
- Outbound service ID for authentication. Unique identifier that must start with a letter or an underscore and cannot contain spaces or special characters.
- USEREXIT_AUTHENTICATION_INBOUND_SERVICEID
- Inbound service ID for authentication. Unique identifier that must start with a letter or an underscore and cannot contain spaces or special characters.
- To load the updated properties file in the system, type execute config load all
- Assemble your authentication user exit OSGi service and prepare your userexit_bundle-SymbolicName.jar OSGi bundle for deployment on the system.
- To deploy your authentication user exit bundle, locate the bin directory.
Important: You must repeat this procedure for each node that requires this user exit.
- To load your user exit OSGi bundle into the data grid, type execute user_exit load <path to userexit_bundle.jar>
- To deploy your user exit OSGi bundle on your current node, type execute user_exit config <userexit_bundle-SymbolicName>|all
Important: If you update an existing user exit on the system, you must restart the member.
- Optional: Restart the member:
- To stop the member, type execute member stop operational
- To start the member, type execute member start operational or execute member start_service operational
- Optional: To verify your user exit deployment, type execute user_exit list
- Optional: To indicate the specific implementation of your authentication user exits, update the service ID in the SystemConfigurationSYSLoader.properties file.
- Locate the Members\resources\config installation directory.
- Edit the SystemConfigurationSYSLoader.properties file with the unique service ID.
- USEREXIT_AUTHENTICATION_OUTBOUND_SERVICEID
- Outbound service ID for authentication. Unique identifier that must start with a letter or an underscore and cannot contain spaces or special characters.
- USEREXIT_AUTHENTICATION_INBOUND_SERVICEID
- Inbound service ID for authentication. Unique identifier that must start with a letter or an underscore and cannot contain spaces or special characters.
- To load the updated properties file in the system, type execute config load all
Example
API code snippet for destination authentication user exit points.
/**
* Interface for authentication user exit point for destinations
*
*/
interface AuthenticationUserExitHandler {
public BusinessDocument invoke( BusinessDocument doc ) throws AuthenticationException;
}
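A pre-deployment check for the two service ID properties described in the procedure, added here as an example and not part of the product or its documentation. It assumes the file follows standard java.util.Properties syntax and reads "no spaces or special characters" strictly as ASCII letters, digits and underscores; the function names and sample values are constructed.

```python
import re

# Property keys named in the procedure above.
SERVICE_ID_KEYS = (
    "USEREXIT_AUTHENTICATION_OUTBOUND_SERVICEID",
    "USEREXIT_AUTHENTICATION_INBOUND_SERVICEID",
)
# Assumption: letter or underscore first, then ASCII letters, digits, underscores.
SERVICE_ID_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Simplified java.util.Properties entry (no line continuations or escapes).
ENTRY_RE = re.compile(r"([^=:\s]+)\s*[=:]?\s*(.*)")


def parse_properties(text):
    """Yield (key, value, line_no); trailing whitespace in values is kept."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue
        match = ENTRY_RE.match(line)
        if match:
            yield match.group(1), match.group(2), line_no


def check_service_ids(text):
    """Return a list of problems with the authentication service IDs."""
    problems, first_seen = [], {}
    for key, value, line_no in parse_properties(text):
        if key not in SERVICE_ID_KEYS:
            continue
        if key in first_seen:
            problems.append(f"line {line_no}: {key} already set on line "
                            f"{first_seen[key]}; the later value overrides it")
        first_seen.setdefault(key, line_no)
        if not SERVICE_ID_RE.fullmatch(value):
            problems.append(f"line {line_no}: {key}={value!r} breaks the rule")
    return problems


# Constructed sample content, not a real configuration.
SAMPLE = "\n".join([
    "# constructed sample",
    "USEREXIT_AUTHENTICATION_OUTBOUND_SERVICEID=_partnerAuthOut",
    "USEREXIT_AUTHENTICATION_INBOUND_SERVICEID = 1st-inbound exit",
    "USEREXIT_AUTHENTICATION_INBOUND_SERVICEID=inboundAuth ",  # trailing space
])

if __name__ == "__main__":
    print("\n".join(check_service_ids(SAMPLE)))
```

Run it against the edited properties file before typing execute config load all; an empty result means both IDs fit the stated rule and neither key is defined twice.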
What to do next
You can now manage and configure your authentication user exits in the process flows for conformance policy and exchange profiles.
Tip: To edit deployed user exit OSGi bundles, type execute user_exit export <userexit_bundle-SymbolicName> <directory location for exported files>. You can then edit the OSGi bundle locally and modify, debug, and test before you deploy the modified OSGi bundle again.