Creating Custom Authentication Plug-ins 3-17

3.4.2 Writing a Custom Authentication Plug-in

This section provides steps to write a custom authentication plug-in. The following overview describes the actions a developer must take after the system architect identifies the business requirements for this plug-in and considers the authentication flow when a user requests a resource. For more information, see Section 3.1.2, About Planning, the Authentication Model, and Plug-ins . Prerequisites Introduction to Authentication Plug-ins Sample Code: Custom Database User Authentication Plug-in Task overview: Developers write a custom authentication plug-in 1. Extend AbstractAuthenticationPlugIn class and implement the following methods see also Section 3.4.1, About Writing a Custom Authentication Plug-in : ■ Implement initialize method ■ Implement process method

2. Develop plug-in code using appropriate Oracle Access Manager 11g interfaces and

packages. See: ■ Section 3.1, Introduction to Authentication Plug-ins ■ Section 3.3, Sample Code: Custom Database User Authentication Plug-in

3. Prepare Metadata for the Custom Plug-in. See:

■ Section 3.3.2, Sample Plug-in Configuration Metadata Requirements

4. Prepare the Plug-in Jar file and manifest and turn these over to your deployment

team. See: ■ Section 3.3.3, Sample Manifest for the Plug-in ■ Section 3.3.4, Plug-in JAR File Structure

5. Proceed to:

■ Section 3.4.3, JARs Required for Compiling a Custom Authentication Plug-in ■ Section 3.5, Adding Custom Plug-ins

3.4.3 JARs Required for Compiling a Custom Authentication Plug-in

Several JAR files are required to compile a custom authentication plug-in. Those jars can be found under: ■ extensibility_lifecycle.jar ■ . felix.jar ■ .felix-service.jar ■ oam-plugin.jar Note: Custom plug-in developers must implement actual custom authentication processing logic in this method and return the final authentication execution status. 3-18 Developers Guide for Oracle Access Manager and Oracle Security Token Service These JAR files are located in the following path: DOMAIN_HOME serversMANAGED_INSTANCE_NAMEtmp_WL_useroam_serverRANDOM_STRING APP-INFlib

3.5 Adding Custom Plug-ins

This section provides the following topics: ■ About Managing Custom Plug-ins ■ Adding Custom Plug-ins ■ Deleting Custom Authentication Plug-ins

3.5.1 About Managing Custom Plug-ins

Custom authentication plug-ins can be created and used in custom authentication modules, and, in turn, used in authentication schemes. After development, the plug-in must be deployed on the admin server, as a JAR file, which is validated automatically. After validation, an administrator can configure and distribute the plug-in using the Oracle Access Suite. The server processes the XML configuration file within the plug-in JAR file to extract data about the plug-in. After the plug-in is imported, an administrator can see and modify the various plug-in states based on information available from the AdminServer. Figure 3–14 illustrates the Plug-ins Node under the Common Configuration section of the System Configuration tab, and the Plugins page. This page includes a tool bar with command buttons, most of which operate on the plug-in that is selected in the table. The table provides information about the existing custom plug-ins and their state. The Plugin Details section at the bottom of the page reflects configuration details for the selected plug-in the table.