3-12 Developers Guide for Oracle Access Manager and Oracle Security Token Service
Figure 3–9 Database User Authentication Plug-in Part 2
Creating Custom Authentication Plug-ins 3-13
Figure 3–10 Database User Authentication Plug-in Part 3
3.3.2 Sample Plug-in Configuration Metadata Requirements
The plug-in's configuration requirements must be given in XML format.
This configuration metadata includes the plug-in name, plug-in author, creation date, plug-in version, plug-in interface class, plug-in implementation class, and plug-in configuration data in the form of Attribute Value pairs.
Figure 3–11 shows the XML Schema Definition (XSD) file containing metadata for the sample Database User Authentication Plug-in implementation.
Figure 3–11 XSD Configuration Data: Database User Authentication Plug-in
Figure 3–12 shows the XML metadata for the sample: Database User Authentication
Plug-in.
Figure 3–12 XML Metadata: Database User Authentication Plug-in
3.3.3 Sample Manifest for the Plug-in
Figure 3–13 illustrates the MANIFEST.MF file for the sample: Database User
Authentication Plug-in.
Figure 3–13 MANIFEST.MF for Sample Database User Authentication Plug-in
3.3.4 Plug-in JAR File Structure
The JAR file structure for the sample Database User Authentication Plug-in is listed here:
■ plugin.xml
■ plugin.class per the package structure, as shown in Section 3.2, Introduction to Plug-in Interfaces
■ META-INF/MANIFEST.MF
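A deployment team can check a plug-in JAR against the structure listed above before accepting it. The following is an added example, not code from the Oracle guide: the function names, the implementation class name and the sample archives are constructed for illustration, and the metadata file name is taken literally from the list above.

```python
import io
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every Java class file


def check_plugin_jar(jar_bytes, impl_class, metadata_name="plugin.xml"):
    """Return a list of structure problems in a plug-in JAR (empty list = OK)."""
    try:
        jar = zipfile.ZipFile(io.BytesIO(jar_bytes))
    except zipfile.BadZipFile:
        return ["not a valid JAR/ZIP archive"]
    problems = []
    with jar:
        names = set(jar.namelist())
        # 1. Metadata XML at the top level of the JAR.
        if metadata_name not in names:
            problems.append(f"missing {metadata_name} at JAR root")
        # 2. Implementation class stored per its package structure.
        class_path = impl_class.replace(".", "/") + ".class"
        base = class_path.rsplit("/", 1)[-1]
        if class_path in names:
            if jar.read(class_path)[:4] != CLASS_MAGIC:
                problems.append(f"{class_path} is not a Java class file")
        else:
            # Report a class that exists but sits in the wrong directory.
            strays = sorted(n for n in names if n.rsplit("/", 1)[-1] == base)
            where = f" (found at {', '.join(strays)})" if strays else ""
            problems.append(f"missing {class_path}{where}")
        # 3. Manifest under META-INF, opening with Manifest-Version.
        manifest = "META-INF/MANIFEST.MF"
        if manifest not in names:
            problems.append(f"missing {manifest}")
        elif not jar.read(manifest).startswith(b"Manifest-Version:"):
            problems.append(f"{manifest} does not start with Manifest-Version")
    return problems


def build_sample_jar(entries):
    """Build a constructed in-memory JAR from {entry name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    return buf.getvalue()


# Constructed samples: hypothetical class name, placeholder file contents.
IMPL = "com.example.authn.DbUserAuthnPlugin"
XML, MF = b"<placeholder/>", b"Manifest-Version: 1.0\r\n"
GOOD_JAR = build_sample_jar({"plugin.xml": XML, "META-INF/MANIFEST.MF": MF,
                             "com/example/authn/DbUserAuthnPlugin.class": CLASS_MAGIC})
BAD_JAR = build_sample_jar({"plugin.xml": XML, "MANIFEST.MF": MF,
                            "DbUserAuthnPlugin.class": CLASS_MAGIC})
```
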
3.4 Developing an Authentication Plug-in
The developer translates what a security architect has designed into the actual plug-in using common libraries to interface custom authentication modules.
This section guides you as you develop an authentication plug-in for use with Oracle Access Manager 11g authentication schemes. The following topics are discussed:
■ About Writing a Custom Authentication Plug-in
■ Writing a Custom Authentication Plug-in
■ JARs Required for Compiling a Custom Authentication Plug-in
3.4.1 About Writing a Custom Authentication Plug-in
Writing the custom plug-in implementation includes writing the plug-in implementation class to:
■ Extend AbstractAuthenticationPlugIn class (see Section 3.2.1, About the Plug-in Interfaces)
■ Implement initialize method
■ Implement process method
Table 3–3 describes the methods required for the plug-in's functionality.
Table 3–3 Required Plug-in Methods

Required Method: initialize
Description: Gives a handle to the PluginConfig object. The PluginConfig object can be used to get plug-in specific system configuration data that is entered when the plug-in is uploaded. This data is required for the plug-in's own functionality.

Required Method: process
Description: Gives a handle to the AuthenticationContext object, which can be used to get plug-in specific run time configuration data that is:
■ either updated at plug-in instance level
■ or updated during plug-in orchestration steps
The AuthenticationContext object extends the PluginContext object, which gives different methods to get the:
■ plug-in configuration data
■ exception data
■ plug-in environment data
In addition, the AuthenticationContext object provides methods to get the:
■ Authentication scheme
■ Authenticated Subject
■ Credential object
■ Run time policy resource
3.4.2 Writing a Custom Authentication Plug-in
This section provides steps to write a custom authentication plug-in. The following overview describes the actions a developer must take after the system architect identifies the business requirements for this plug-in and considers the authentication flow when a user requests a resource. For more information, see Section 3.1.2, About Planning, the Authentication Model, and Plug-ins.
Prerequisites
Introduction to Authentication Plug-ins
Sample Code: Custom Database User Authentication Plug-in
Task overview: Developers write a custom authentication plug-in
1. Extend AbstractAuthenticationPlugIn class and implement the following methods (see also Section 3.4.1, About Writing a Custom Authentication Plug-in):
■ Implement initialize method
■ Implement process method
2. Develop plug-in code using appropriate Oracle Access Manager 11g interfaces and packages. See:
■ Section 3.1, Introduction to Authentication Plug-ins
■ Section 3.3, Sample Code: Custom Database User Authentication Plug-in
3. Prepare Metadata for the Custom Plug-in. See:
■ Section 3.3.2, Sample Plug-in Configuration Metadata Requirements
4. Prepare the Plug-in Jar file and manifest and turn these over to your deployment team. See:
■ Section 3.3.3, Sample Manifest for the Plug-in