nevisIDM authentication plug-ins

The nevisIDM component provides an extended user facility to manage

• users (with various credential types),
• roles (for example, to establish an enterprise role model), and
• applications (to manage access of users to applications, for example, by checking permission on URLs on the access proxy).

The plug-ins in this chapter are used to integrate nevisIDM into nevisAuth.

The nevisIDM AuthState implementation uses a JAXWS-based web service client to access the corresponding nevisIDM LoginService.

To use the nevisIDM AuthStates, the package nevisidmcl has to be installed on the nevisAuth machine.

Multiple clients

Providing authentication to users of several clients means that the client context has to be known or set during the authentication process. Several solutions are possible:

These solutions are also recommended in case of a single client.1. The user is asked to enter the name of the client. For example, if you use the IdmPasswordVerifyState, the user must fill in three input fields: one for the client name, one for the login ID and one for the password. Refer to the nevisAuth reference guide for further details about the configuration. 2. The client name is explicitly set by nevisAuth. For example, it is possible to provide a separate URL for every client. nevisAuth will then set the client name according to the URL with which the user has accessed the login page. 3. The IdmX509State AuthState is used to perform authentication based on certificates. The IdmX509State AuthState automatically performs certificate authentication, that is, without user interaction. The state will search for corresponding certificates in nevisIDM without any client restriction and perform the authentication if a user owns the certificate. If the certificate has been registered for several users from different clients, the IdmX509State will show all relevant clients. The user can choose the client he wants to log in to.