Wednesday, February 25, 2009

Test sample to redirect to another site during AM Authentication

package com.trusteq.test;

import java.util.HashMap;
import java.util.Map;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.sun.identity.authentication.spi.RedirectCallback;
import com.sun.identity.wss.security.SecurityPrincipal;
import com.iplanet.am.util.Debug;

public class LoginModuleSample extends AMLoginModule {

private String userTokenId;
private String userName = "test";
private String userPassword;
private String status;
private java.security.Principal userPrincipal = null;
private static final String amAuthLoginModuleSample = "amAuthLoginModuleSample";
private static Debug debug = Debug.getInstance(amAuthLoginModuleSample);

public LoginModuleSample() throws LoginException{
debug.message("LoginModuleSample()");
}

public void init(Subject subject, Map sharedState, Map options) {
debug.message("LoginModuleSample initialization");
}

public int process(Callback[] callbacks, int state) throws AuthLoginException {
int currentState = state;
debug.message("LoginModuleSample process");
if (currentState == 1) {

userPassword = charToString(((PasswordCallback)
callbacks[1]).getPassword(), callbacks[1]);
debug.message("userName : " + userName);
debug.message("userPassword : " + userPassword);

if (userName.length() == 0 || userPassword.length() == 0) {
throw new AuthLoginException("names must not be empty");
}

if (userPassword != null && userPassword.equals("payit")) {
debug.message("Replace redirect data with : " + userName);
// set #REPLACE# text in next state
Callback[] callbacks2 = getCallback(2);
RedirectCallback rc = (RedirectCallback)callbacks2[0];
Map redirectdata = rc.getRedirectData();
debug.message("Old RedirectData : " + redirectdata);
Map newRedirectData = new HashMap();
if (redirectdata != null) {
for (Iterator nvp = redirectdata.entrySet().iterator();
nvp.hasNext();) {
Map.Entry me = (Map.Entry)nvp.next();
String key = (String) me.getKey();
String value = (String) me.getValue();
int i = value.indexOf("#REPLACE#");
String newValue = value;
if (i != -1) {
newValue = userName;
}
newRedirectData.put(key,newValue);
}
}
debug.message("newRedirectData : " + newRedirectData);
RedirectCallback rcNew = new RedirectCallback(rc.getRedirectUrl(),
newRedirectData,
rc.getMethod(),
rc.getStatusParameter(),
rc.getRedirectBackUrlCookieName());

replaceCallback(2, 0, rcNew);

return 2;
} else {
userTokenId = userName;
// return -1 for login successful
return -1;
}
} else if (currentState == 2) {
RedirectCallback rc1 = (RedirectCallback) callbacks[0];
status = rc1.getStatus();
debug.message("LoginModuleSample status :" + status);
if (status != null && status.equals(rc1.SUCCESS)) {
userTokenId = userName;
// return -1 for login successful
return -1;
} else {
throw new AuthLoginException("FAILED");
}
}
throw new AuthLoginException("Invalid state : " + currentState);
}

public java.security.Principal getPrincipal() {
if (userPrincipal != null) {
return userPrincipal;
} else if (userTokenId != null) {
userPrincipal = new SecurityPrincipal(userTokenId);
return userPrincipal;
} else {
return null;
}
}

private String charToString(char[] tmpPassword, Callback cbk) {
if (tmpPassword == null) {
// treat a NULL password as an empty password
tmpPassword = new char[0];
}
char[] pwd = new char[tmpPassword.length];
System.arraycopy(tmpPassword, 0, pwd, 0, tmpPassword.length);
((PasswordCallback) cbk).clearPassword();
return new String(pwd);
}
}

Monday, February 23, 2009

Steps to create distauth war file on OpenSSO

1. Let /space/work/opensso/distauth-workarea be the workarea.

2. Create two directories
build20090121
opensso-war-staging

3. cp opensso.zip ./build20090121

4. cd /space/work/opensso/distauth-workarea/build20090121

5. unzip opensso.zip

6. cd /space/work/opensso/distauth-workarea/opensso-war-staging

7. jar xvf /space/work/opensso/distauth-workarea/build20090121/opensso/deployable-war/opensso.war

8. jar cvf /space/work/opensso/distauth-workarea/build20090121/opensso/deployable-war/fam-distauth.war @/space/work/opensso/distauth-workarea/build20090121/opensso/deployable-war/fam-distauth.list

9. cd /space/work/opensso/distauth-workarea/build20090121/opensso/deployable-war/distauth

10. jar uvf /space/work/opensso/distauth-workarea/build20090121/opensso/deployable-war/fam-distauth.war *

Friday, February 20, 2009

Few useful scripts

Getting directory size in unix
-------------------------------
This little hackish script gets you the exact size of a directory
(recursively) in bytes. It's nothing fancy, we just trick rsync
into telling us and scrub the output.

Script:
-------
#!/bin/bash

DIR=${1?Specify a directory}

[ -d "$DIR" ] || { echo "Not a directory: $DIR" && exit 1; }

# We don't actually copy anything (-n is --dry-run)
rsync -n -r "$DIR" /dev/null/ | tail -n1 | perl -pe 's/.*size is ([0-9]+) .*/$1/'

***************************************************

Grep a class name in a jar
---------------------------
Usage:
-------
$ grepjar EXP JARS...
$ grepjar MyClass myapp.jar

Usable with find.
find ~/.m2/repository/ -name '*.jar' -exec grepjar.sh MyClass {} \;

Or find and xargs
find ~/.m2/repository/ -name '*.jar' | xargs grepjar.sh MyClass

Script:
-------
#!/bin/bash

EXP=${1?must specify a pattern}
shift

for n in "$@"; do
jar tvf "$n" | egrep "$EXP"
[ $? -eq 0 ] && echo "$n"
done

***************************************************

Relative to Absolute file path conversions:
-------------------------------------------
Here is a little perl script that can turn relative file paths into absolute file paths.
Couldn't find a command for it, so this is the next best thing.

put this in a bin directory in your path somewhere
rel2abs

#!/usr/bin/perl
use File::Spec;
foreach (@ARGV) {
push @files, File::Spec->rel2abs($_);
}
print join(" ",@files) . "\n";

then just chmod it

# chmod 755 /usr/local/bin/rel2abs

then run it

# rel2abs ~/././*
/root/anaconda-ks.cfg /root/Desktop /root/install.log /root/install.log.syslog /root/setup.txt

***************************************************
Source: http://docs.codehaus.org/display/ninja/Home

Thursday, February 5, 2009

Manual package removal of Policy Agent 2.2

If you had installed Sun AM Policy Agent 2.2 on a solaris machine and lost its installation folder, you can do the following to manually remove it.

1. Go to /var/sadm/install/productregistry file and look for the location of agent install folder.

2. If folder mentioned in step-1 is no more available, do the following
a. pkgrm SUNWamcom
b. pkgrm SUNWames6
c. Remove all entries related to agent in /var/sadm/install/productregistry.
d. Remove entryies from .conf files of sun web server where this agent was installed.
e. Restart web server.

Tuesday, February 3, 2009

Customized authn SPI module in OpenSSO

It is typical that customers write custom authentication SPI modules in customizing OpenSSO. Here is the set of steps that we need to do:

1. Login into OpenSSO as amadmin

2. Access the following URL
http://opensso/ssoadm.jsp

3. Choose create-svc option

4. Copy and paste the service xml file for your Custom Auth Module. Sample pasted below.

5. To register the custom auth module into the authentication core framework, choose register-auth-module option. Enter the complete module class name i.e including the package.

6. Copy the jar file that contains your SPI plugin classes into $WAR_DIR/WEB-INF/lib

7. If you have any property file that stores i18n keys for your module configuration label, copy it to $WAR_DIR/WEB-INF/classes

8. Copy xml file that contains callbacks for authn module to $WAR_DIR/opensso/config/auth/default folder. You need to copy it to the appropriate folder instead of default if locale is different than en_US.

9. Restart the server

10. Your Custom Auth Module should be listed under types of Authentication modules and once instance is created, it should be configurable based on what attributes you have listed in your service xml file.

11. You are ready to test your custom SPI auth plugin.
http://host:port/opensso/UI/Login?module=testme

Sample SPI plugin
-------------------
package com.iplanet.am.samples.authentication.spi.providers;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.Misc;
import com.sun.identity.authentication.service.AuthD;
import com.sun.identity.authentication.spi.AMLoginModule;
import com.sun.identity.authentication.spi.InvalidPasswordException;
import com.sun.identity.authentication.util.ISAuthConstants;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.servlet.http.Cookie;

/**
*
* @testcase for sample login module
*/
public class LakshmanTest extends AMLoginModule {
final private static String DEBUG_NAME = "amAuthLakshmanTest";
final private static Debug debug = Debug.getInstance(DEBUG_NAME);
private String authLevel;
static String bundleName = AuthD.BUNDLE_NAME;
int failureNum = 0;
private String userTokenId;
private java.security.Principal userPrincipal = null;

public LakshmanTest() {
super();
debug.error("inside LakshmanTest()");
}

@Override
public void init(Subject subject, Map sharedState, Map options) {
debug.error("inside LakshmanTest.init()");
debug.error("subject=" + subject);
debug.error("ss=" + sharedState);
debug.error("opts=" + options);
}

@Override
public int process(Callback[] callbacks, int state) throws LoginException {
debug.error("inside LakshmanTest.process()");

if (state == 1) {
debug.error("now in state one");

NameCallback nc = (NameCallback) callbacks[0];

if (!nc.getName().equals("tu1")) {
debug.error("name isn't tu1");
return 1;
} else {
debug.error("name is tu1");
}

return 2;
} else {
debug.error("now in state two");
PasswordCallback pc = (PasswordCallback) callbacks[0];
String password = new String(pc.getPassword());

if (!password.equalsIgnoreCase("password")) {
throw new InvalidPasswordException("invalid password");
}

userTokenId = "tu1";

if (getHttpServletRequest() != null) {
debug.error("added cookie nibble");
debug.error("Object returned by getHttpServletRequest = " + getHttpServletRequest());
} else {
debug.error("getHttpServletRequest is null");
}


if (getHttpServletResponse() != null) {
debug.error("added cookie wibble");
getHttpServletResponse().addCookie(new Cookie("wibble", "baa"));
debug.error("Object returned by getHttpServletResponse = " + getHttpServletResponse());
} else {
debug.error("getHttpServletResponse is null");
}

return ISAuthConstants.LOGIN_SUCCEED;
}
}

public java.security.Principal getPrincipal() {
if (userPrincipal != null) {
return userPrincipal;
} else if (userTokenId != null) {
userPrincipal = new LakshmanTestPrincipal(userTokenId);
return userPrincipal;
} else {
return null;
}
}


@Override
public void destroyModuleState() {
failureNum = 0;
}
}

package com.iplanet.am.samples.authentication.spi.providers;

import java.io.Serializable;
import java.security.Principal;

public class LakshmanTestPrincipal implements Principal, Serializable {

final private String name;

public LakshmanTestPrincipal(String name) {
this.name = name;
}

public String getName() {
return name;
}

@Override
public boolean equals(Object obj) {
if (obj == null)
return false;
if (this == obj)
return true;
if (!(obj instanceof LakshmanTestPrincipal))
return false;
LakshmanTestPrincipal authprincipal = (LakshmanTestPrincipal) obj;

return getName().equals(authprincipal.getName());
}

@Override
public int hashCode() {
return name.hashCode();
}
}