Header to Callback Mapping

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Header to Callback Mapping

Rife, Brandon
Hi All,

OpenAM maps the X-OpenAM-Username and X-OpenAM-Password HTTP headers to the NameCallback and PasswordCallback Java classes when invoking the authentication REST endpoint.  Is it possible to map headers to other Callback classes for custom authentication modules?

________________________________

NOTICE: This e-mail and any attachments is intended only for use by the addressee(s) named herein and may contain legally privileged, proprietary or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this email, and any attachments thereto, is strictly prohibited. If you receive this email in error please immediately notify me via reply email or at (800) 927-9800 and permanently delete the original copy and any copy of any e-mail, and any printout.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Header to Callback Mapping

Bernhard Thalmayr
This is only a short-cut if a NameCallback and 'PasswordCallback' is
used by the auth-module.

Why don't you use regular REST authentication as mentioned in
<a href="https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth">https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth

-Bernhard

Am 02/05/16 um 15:26 schrieb Rife, Brandon:

> Hi All,
>
> OpenAM maps the X-OpenAM-Username and X-OpenAM-Password HTTP headers to the NameCallback and PasswordCallback Java classes when invoking the authentication REST endpoint.  Is it possible to map headers to other Callback classes for custom authentication modules?
>
> ________________________________
>
> NOTICE: This e-mail and any attachments is intended only for use by the addressee(s) named herein and may contain legally privileged, proprietary or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this email, and any attachments thereto, is strictly prohibited. If you receive this email in error please immediately notify me via reply email or at (800) 927-9800 and permanently delete the original copy and any copy of any e-mail, and any printout.
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Header to Callback Mapping

Rife, Brandon
Bernhard,

This is a custom switch account module that allows user A to switch to user B on the fly. We have the concept of primary and secondary users. A primary user is initially authenticated using id/pass or federation but once authenticated can switch to associated secondary users on the fly. This custom module accepts an existing OpenAM session id in X-OpenAM-Username and the user id to switch to in the X-OpenAM-Password header.  While this works it's not ideal.  I'd rather use two NameCallback callbacks but can't find anyway to do that.



On 5/2/16, 10:32 AM, "[hidden email] on behalf of Bernhard Thalmayr" <[hidden email] on behalf of [hidden email]> wrote:

>This is only a short-cut if a NameCallback and 'PasswordCallback' is
>used by the auth-module.
>
>Why don't you use regular REST authentication as mentioned in
><a href="https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth">https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth
>
>-Bernhard
>
>Am 02/05/16 um 15:26 schrieb Rife, Brandon:
>> Hi All,
>>
>> OpenAM maps the X-OpenAM-Username and X-OpenAM-Password HTTP headers to the NameCallback and PasswordCallback Java classes when invoking the authentication REST endpoint.  Is it possible to map headers to other Callback classes for custom authentication modules?
>>
>> ________________________________
>>
>> NOTICE: This e-mail and any attachments is intended only for use by the addressee(s) named herein and may contain legally privileged, proprietary or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this email, and any attachments thereto, is strictly prohibited. If you receive this email in error please immediately notify me via reply email or at (800) 927-9800 and permanently delete the original copy and any copy of any e-mail, and any printout.
>> _______________________________________________
>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>> OpenAM mailing list
>> [hidden email]
>> https://lists.forgerock.org/mailman/listinfo/openam
>>
>
>
>--
>Painstaking Minds
>IT-Consulting Bernhard Thalmayr
>Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
>Tel: +49 (0)8062 7769174
>Mobile: +49 (0)176 55060699
>
>[hidden email] - Solution Architect
>http://www.xing.com/profile/Bernhard_Thalmayr
>http://de.linkedin.com/in/bernhardthalmayr
>
>This e-mail may contain confidential and/or privileged information.If
>you are not the intended recipient (or have received this email in
>error) please notify the sender immediately and delete this e-mail. Any
>unauthorized copying, disclosure or distribution of the material in this
>e-mail is strictly forbidden.
>_______________________________________________
>Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>OpenAM mailing list
>[hidden email]
>https://lists.forgerock.org/mailman/listinfo/openam
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Header to Callback Mapping

Bernhard Thalmayr
You can define the type of callback in the callback driver XML. How does
your callback XML driver file currenly look like?

-Bernhard

Am 02/05/16 um 17:47 schrieb Rife, Brandon:

> Bernhard,
>
> This is a custom switch account module that allows user A to switch to user B on the fly. We have the concept of primary and secondary users. A primary user is initially authenticated using id/pass or federation but once authenticated can switch to associated secondary users on the fly. This custom module accepts an existing OpenAM session id in X-OpenAM-Username and the user id to switch to in the X-OpenAM-Password header.  While this works it's not ideal.  I'd rather use two NameCallback callbacks but can't find anyway to do that.
>
>
>
> On 5/2/16, 10:32 AM, "[hidden email] on behalf of Bernhard Thalmayr" <[hidden email] on behalf of [hidden email]> wrote:
>
>> This is only a short-cut if a NameCallback and 'PasswordCallback' is
>> used by the auth-module.
>>
>> Why don't you use regular REST authentication as mentioned in
>> <a href="https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth">https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth
>>
>> -Bernhard
>>
>> Am 02/05/16 um 15:26 schrieb Rife, Brandon:
>>> Hi All,
>>>
>>> OpenAM maps the X-OpenAM-Username and X-OpenAM-Password HTTP headers to the NameCallback and PasswordCallback Java classes when invoking the authentication REST endpoint.  Is it possible to map headers to other Callback classes for custom authentication modules?
>>>
>>> ________________________________
>>>
>>> NOTICE: This e-mail and any attachments is intended only for use by the addressee(s) named herein and may contain legally privileged, proprietary or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this email, and any attachments thereto, is strictly prohibited. If you receive this email in error please immediately notify me via reply email or at (800) 927-9800 and permanently delete the original copy and any copy of any e-mail, and any printout.
>>> _______________________________________________
>>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>>> OpenAM mailing list
>>> [hidden email]
>>> https://lists.forgerock.org/mailman/listinfo/openam
>>>
>>
>>
>> --
>> Painstaking Minds
>> IT-Consulting Bernhard Thalmayr
>> Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
>> Tel: +49 (0)8062 7769174
>> Mobile: +49 (0)176 55060699
>>
>> [hidden email] - Solution Architect
>> http://www.xing.com/profile/Bernhard_Thalmayr
>> http://de.linkedin.com/in/bernhardthalmayr
>>
>> This e-mail may contain confidential and/or privileged information.If
>> you are not the intended recipient (or have received this email in
>> error) please notify the sender immediately and delete this e-mail. Any
>> unauthorized copying, disclosure or distribution of the material in this
>> e-mail is strictly forbidden.
>> _______________________________________________
>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>> OpenAM mailing list
>> [hidden email]
>> https://lists.forgerock.org/mailman/listinfo/openam
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Header to Callback Mapping

Rife, Brandon
Bernard,

Assuming that you are referring to the file contents below?  If I changed the PasswordCallback to NameCallback how could the second NameCallback be passed to the REST endpoint?   I understand how it would work with a UI but I want to call the custom authentication module over REST using an endpoint like /openam/json/authenticate?authIndexType=module&authIndexValue=MY_MODULE.

<?xml version="1.0" encoding="UTF-8"?>
<ModuleProperties moduleName="SwitchaccountAuth" version="1.0">
        <Callbacks length="2" order="1" timeout="600">
                <NameCallback isRequired="true">
                        <Prompt>#USERNAME#</Prompt>
                </NameCallback>
                <PasswordCallback echoPassword="false">
                        <Prompt>#IMPTOKEN#</Prompt>
                </PasswordCallback>
        </Callbacks>
</ModuleProperties>





On 5/2/16, 12:02 PM, "[hidden email] on behalf of Bernhard Thalmayr" <[hidden email] on behalf of [hidden email]> wrote:

>You can define the type of callback in the callback driver XML. How does
>your callback XML driver file currenly look like?
>
>-Bernhard
>
>Am 02/05/16 um 17:47 schrieb Rife, Brandon:
>> Bernhard,
>>
>> This is a custom switch account module that allows user A to switch to user B on the fly. We have the concept of primary and secondary users. A primary user is initially authenticated using id/pass or federation but once authenticated can switch to associated secondary users on the fly. This custom module accepts an existing OpenAM session id in X-OpenAM-Username and the user id to switch to in the X-OpenAM-Password header.  While this works it's not ideal.  I'd rather use two NameCallback callbacks but can't find anyway to do that.
>>
>>
>>
>> On 5/2/16, 10:32 AM, "[hidden email] on behalf of Bernhard Thalmayr" <[hidden email] on behalf of [hidden email]> wrote:
>>
>>> This is only a short-cut if a NameCallback and 'PasswordCallback' is
>>> used by the auth-module.
>>>
>>> Why don't you use regular REST authentication as mentioned in
>>> <a href="https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth">https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth
>>>
>>> -Bernhard
>>>
>>> Am 02/05/16 um 15:26 schrieb Rife, Brandon:
>>>> Hi All,
>>>>
>>>> OpenAM maps the X-OpenAM-Username and X-OpenAM-Password HTTP headers to the NameCallback and PasswordCallback Java classes when invoking the authentication REST endpoint.  Is it possible to map headers to other Callback classes for custom authentication modules?
>>>>
>>>> ________________________________
>>>>
>>>> NOTICE: This e-mail and any attachments is intended only for use by the addressee(s) named herein and may contain legally privileged, proprietary or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this email, and any attachments thereto, is strictly prohibited. If you receive this email in error please immediately notify me via reply email or at (800) 927-9800 and permanently delete the original copy and any copy of any e-mail, and any printout.
>>>> _______________________________________________
>>>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>>>> OpenAM mailing list
>>>> [hidden email]
>>>> https://lists.forgerock.org/mailman/listinfo/openam
>>>>
>>>
>>>
>>> --
>>> Painstaking Minds
>>> IT-Consulting Bernhard Thalmayr
>>> Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
>>> Tel: +49 (0)8062 7769174
>>> Mobile: +49 (0)176 55060699
>>>
>>> [hidden email] - Solution Architect
>>> http://www.xing.com/profile/Bernhard_Thalmayr
>>> http://de.linkedin.com/in/bernhardthalmayr
>>>
>>> This e-mail may contain confidential and/or privileged information.If
>>> you are not the intended recipient (or have received this email in
>>> error) please notify the sender immediately and delete this e-mail. Any
>>> unauthorized copying, disclosure or distribution of the material in this
>>> e-mail is strictly forbidden.
>>> _______________________________________________
>>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>>> OpenAM mailing list
>>> [hidden email]
>>> https://lists.forgerock.org/mailman/listinfo/openam
>> _______________________________________________
>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>> OpenAM mailing list
>> [hidden email]
>> https://lists.forgerock.org/mailman/listinfo/openam
>>
>
>
>--
>Painstaking Minds
>IT-Consulting Bernhard Thalmayr
>Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
>Tel: +49 (0)8062 7769174
>Mobile: +49 (0)176 55060699
>
>[hidden email] - Solution Architect
>http://www.xing.com/profile/Bernhard_Thalmayr
>http://de.linkedin.com/in/bernhardthalmayr
>
>This e-mail may contain confidential and/or privileged information.If
>you are not the intended recipient (or have received this email in
>error) please notify the sender immediately and delete this e-mail. Any
>unauthorized copying, disclosure or distribution of the material in this
>e-mail is strictly forbidden.
>_______________________________________________
>Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>OpenAM mailing list
>[hidden email]
>https://lists.forgerock.org/mailman/listinfo/openam
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Header to Callback Mapping

Bernhard Thalmayr
Brandon, have you tried to look at the detailed example at the link I
provided? There you see how you have to send the data.

-Bernhard

Am 02/05/16 um 18:24 schrieb Rife, Brandon:

> Bernard,
>
> Assuming that you are referring to the file contents below?  If I changed the PasswordCallback to NameCallback how could the second NameCallback be passed to the REST endpoint?   I understand how it would work with a UI but I want to call the custom authentication module over REST using an endpoint like /openam/json/authenticate?authIndexType=module&authIndexValue=MY_MODULE.
>
> <?xml version="1.0" encoding="UTF-8"?>
> <ModuleProperties moduleName="SwitchaccountAuth" version="1.0">
> <Callbacks length="2" order="1" timeout="600">
> <NameCallback isRequired="true">
> <Prompt>#USERNAME#</Prompt>
> </NameCallback>
> <PasswordCallback echoPassword="false">
> <Prompt>#IMPTOKEN#</Prompt>
> </PasswordCallback>
> </Callbacks>
> </ModuleProperties>
>
>
>
>
>
> On 5/2/16, 12:02 PM, "[hidden email] on behalf of Bernhard Thalmayr" <[hidden email] on behalf of [hidden email]> wrote:
>
>> You can define the type of callback in the callback driver XML. How does
>> your callback XML driver file currenly look like?
>>
>> -Bernhard
>>
>> Am 02/05/16 um 17:47 schrieb Rife, Brandon:
>>> Bernhard,
>>>
>>> This is a custom switch account module that allows user A to switch to user B on the fly. We have the concept of primary and secondary users. A primary user is initially authenticated using id/pass or federation but once authenticated can switch to associated secondary users on the fly. This custom module accepts an existing OpenAM session id in X-OpenAM-Username and the user id to switch to in the X-OpenAM-Password header.  While this works it's not ideal.  I'd rather use two NameCallback callbacks but can't find anyway to do that.
>>>
>>>
>>>
>>> On 5/2/16, 10:32 AM, "[hidden email] on behalf of Bernhard Thalmayr" <[hidden email] on behalf of [hidden email]> wrote:
>>>
>>>> This is only a short-cut if a NameCallback and 'PasswordCallback' is
>>>> used by the auth-module.
>>>>
>>>> Why don't you use regular REST authentication as mentioned in
>>>> <a href="https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth">https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth
>>>>
>>>> -Bernhard
>>>>
>>>> Am 02/05/16 um 15:26 schrieb Rife, Brandon:
>>>>> Hi All,
>>>>>
>>>>> OpenAM maps the X-OpenAM-Username and X-OpenAM-Password HTTP headers to the NameCallback and PasswordCallback Java classes when invoking the authentication REST endpoint.  Is it possible to map headers to other Callback classes for custom authentication modules?
>>>>>
>>>>> ________________________________
>>>>>
>>>>> NOTICE: This e-mail and any attachments is intended only for use by the addressee(s) named herein and may contain legally privileged, proprietary or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this email, and any attachments thereto, is strictly prohibited. If you receive this email in error please immediately notify me via reply email or at (800) 927-9800 and permanently delete the original copy and any copy of any e-mail, and any printout.
>>>>> _______________________________________________
>>>>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>>>>> OpenAM mailing list
>>>>> [hidden email]
>>>>> https://lists.forgerock.org/mailman/listinfo/openam
>>>>>
>>>>
>>>>
>>>> --
>>>> Painstaking Minds
>>>> IT-Consulting Bernhard Thalmayr
>>>> Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
>>>> Tel: +49 (0)8062 7769174
>>>> Mobile: +49 (0)176 55060699
>>>>
>>>> [hidden email] - Solution Architect
>>>> http://www.xing.com/profile/Bernhard_Thalmayr
>>>> http://de.linkedin.com/in/bernhardthalmayr
>>>>
>>>> This e-mail may contain confidential and/or privileged information.If
>>>> you are not the intended recipient (or have received this email in
>>>> error) please notify the sender immediately and delete this e-mail. Any
>>>> unauthorized copying, disclosure or distribution of the material in this
>>>> e-mail is strictly forbidden.
>>>> _______________________________________________
>>>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>>>> OpenAM mailing list
>>>> [hidden email]
>>>> https://lists.forgerock.org/mailman/listinfo/openam
>>> _______________________________________________
>>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>>> OpenAM mailing list
>>> [hidden email]
>>> https://lists.forgerock.org/mailman/listinfo/openam
>>>
>>
>>
>> --
>> Painstaking Minds
>> IT-Consulting Bernhard Thalmayr
>> Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
>> Tel: +49 (0)8062 7769174
>> Mobile: +49 (0)176 55060699
>>
>> [hidden email] - Solution Architect
>> http://www.xing.com/profile/Bernhard_Thalmayr
>> http://de.linkedin.com/in/bernhardthalmayr
>>
>> This e-mail may contain confidential and/or privileged information.If
>> you are not the intended recipient (or have received this email in
>> error) please notify the sender immediately and delete this e-mail. Any
>> unauthorized copying, disclosure or distribution of the material in this
>> e-mail is strictly forbidden.
>> _______________________________________________
>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>> OpenAM mailing list
>> [hidden email]
>> https://lists.forgerock.org/mailman/listinfo/openam
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Header to Callback Mapping

Rife, Brandon
Bernard, I'll take some time to review <a href="https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth">https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth.



On 5/2/16, 2:13 PM, "[hidden email] on behalf of Bernhard Thalmayr" <[hidden email] on behalf of [hidden email]> wrote:

>Brandon, have you tried to look at the detailed example at the link I
>provided? There you see how you have to send the data.
>
>-Bernhard
>
>Am 02/05/16 um 18:24 schrieb Rife, Brandon:
>> Bernard,
>>
>> Assuming that you are referring to the file contents below?  If I changed the PasswordCallback to NameCallback how could the second NameCallback be passed to the REST endpoint?   I understand how it would work with a UI but I want to call the custom authentication module over REST using an endpoint like /openam/json/authenticate?authIndexType=module&authIndexValue=MY_MODULE.
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <ModuleProperties moduleName="SwitchaccountAuth" version="1.0">
>> <Callbacks length="2" order="1" timeout="600">
>> <NameCallback isRequired="true">
>> <Prompt>#USERNAME#</Prompt>
>> </NameCallback>
>> <PasswordCallback echoPassword="false">
>> <Prompt>#IMPTOKEN#</Prompt>
>> </PasswordCallback>
>> </Callbacks>
>> </ModuleProperties>
>>
>>
>>
>>
>>
>> On 5/2/16, 12:02 PM, "[hidden email] on behalf of Bernhard Thalmayr" <[hidden email] on behalf of [hidden email]> wrote:
>>
>>> You can define the type of callback in the callback driver XML. How does
>>> your callback XML driver file currenly look like?
>>>
>>> -Bernhard
>>>
>>> Am 02/05/16 um 17:47 schrieb Rife, Brandon:
>>>> Bernhard,
>>>>
>>>> This is a custom switch account module that allows user A to switch to user B on the fly. We have the concept of primary and secondary users. A primary user is initially authenticated using id/pass or federation but once authenticated can switch to associated secondary users on the fly. This custom module accepts an existing OpenAM session id in X-OpenAM-Username and the user id to switch to in the X-OpenAM-Password header.  While this works it's not ideal.  I'd rather use two NameCallback callbacks but can't find anyway to do that.
>>>>
>>>>
>>>>
>>>> On 5/2/16, 10:32 AM, "[hidden email] on behalf of Bernhard Thalmayr" <[hidden email] on behalf of [hidden email]> wrote:
>>>>
>>>>> This is only a short-cut if a NameCallback and 'PasswordCallback' is
>>>>> used by the auth-module.
>>>>>
>>>>> Why don't you use regular REST authentication as mentioned in
>>>>> <a href="https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth">https://backstage.forgerock.com/#!/docs/openam/13/dev-guide#rest-api-auth
>>>>>
>>>>> -Bernhard
>>>>>
>>>>> Am 02/05/16 um 15:26 schrieb Rife, Brandon:
>>>>>> Hi All,
>>>>>>
>>>>>> OpenAM maps the X-OpenAM-Username and X-OpenAM-Password HTTP headers to the NameCallback and PasswordCallback Java classes when invoking the authentication REST endpoint.  Is it possible to map headers to other Callback classes for custom authentication modules?
>>>>>>
>>>>>> ________________________________
>>>>>>
>>>>>> NOTICE: This e-mail and any attachments is intended only for use by the addressee(s) named herein and may contain legally privileged, proprietary or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this email, and any attachments thereto, is strictly prohibited. If you receive this email in error please immediately notify me via reply email or at (800) 927-9800 and permanently delete the original copy and any copy of any e-mail, and any printout.
>>>>>> _______________________________________________
>>>>>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>>>>>> OpenAM mailing list
>>>>>> [hidden email]
>>>>>> https://lists.forgerock.org/mailman/listinfo/openam
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Painstaking Minds
>>>>> IT-Consulting Bernhard Thalmayr
>>>>> Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
>>>>> Tel: +49 (0)8062 7769174
>>>>> Mobile: +49 (0)176 55060699
>>>>>
>>>>> [hidden email] - Solution Architect
>>>>> http://www.xing.com/profile/Bernhard_Thalmayr
>>>>> http://de.linkedin.com/in/bernhardthalmayr
>>>>>
>>>>> This e-mail may contain confidential and/or privileged information.If
>>>>> you are not the intended recipient (or have received this email in
>>>>> error) please notify the sender immediately and delete this e-mail. Any
>>>>> unauthorized copying, disclosure or distribution of the material in this
>>>>> e-mail is strictly forbidden.
>>>>> _______________________________________________
>>>>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>>>>> OpenAM mailing list
>>>>> [hidden email]
>>>>> https://lists.forgerock.org/mailman/listinfo/openam
>>>> _______________________________________________
>>>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>>>> OpenAM mailing list
>>>> [hidden email]
>>>> https://lists.forgerock.org/mailman/listinfo/openam
>>>>
>>>
>>>
>>> --
>>> Painstaking Minds
>>> IT-Consulting Bernhard Thalmayr
>>> Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
>>> Tel: +49 (0)8062 7769174
>>> Mobile: +49 (0)176 55060699
>>>
>>> [hidden email] - Solution Architect
>>> http://www.xing.com/profile/Bernhard_Thalmayr
>>> http://de.linkedin.com/in/bernhardthalmayr
>>>
>>> This e-mail may contain confidential and/or privileged information.If
>>> you are not the intended recipient (or have received this email in
>>> error) please notify the sender immediately and delete this e-mail. Any
>>> unauthorized copying, disclosure or distribution of the material in this
>>> e-mail is strictly forbidden.
>>> _______________________________________________
>>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>>> OpenAM mailing list
>>> [hidden email]
>>> https://lists.forgerock.org/mailman/listinfo/openam
>> _______________________________________________
>> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>> OpenAM mailing list
>> [hidden email]
>> https://lists.forgerock.org/mailman/listinfo/openam
>>
>
>
>--
>Painstaking Minds
>IT-Consulting Bernhard Thalmayr
>Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
>Tel: +49 (0)8062 7769174
>Mobile: +49 (0)176 55060699
>
>[hidden email] - Solution Architect
>http://www.xing.com/profile/Bernhard_Thalmayr
>http://de.linkedin.com/in/bernhardthalmayr
>
>This e-mail may contain confidential and/or privileged information.If
>you are not the intended recipient (or have received this email in
>error) please notify the sender immediately and delete this e-mail. Any
>unauthorized copying, disclosure or distribution of the material in this
>e-mail is strictly forbidden.
>_______________________________________________
>Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
>OpenAM mailing list
>[hidden email]
>https://lists.forgerock.org/mailman/listinfo/openam
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Loading...