10.3:documentation:adm:openam

An authenticator must belong to one of the backend modules. You can create a new module or choose an existing one. An authenticator is called during the authentication process only when its module is enabled.

Authentication - creating a new authentication method

You can add a new authentication method to CzechIdM. Authentication is typically done by an external authority, such as OpenAM, OAuth, Facebook, or Google. To do so, you need to create a new authenticator. After you have installed the authenticator, users will be allowed to authenticate to CzechIdM (using the CzechIdM login page) by the new authentication method.

Single sign-on

Single sign-on (SSO) works differently. If you want users to come to CzechIdM and be logged in immediately, without having to provide any credentials (or be redirected to some other login page, e.g. Facebook's), you need to implement a new IdmAuthenticationFilter (see SSO).

A combination of both situations is possible, e.g. the OpenAM module supports both SSO (if the user already has an OpenAM token) and authentication against OpenAM through the CzechIdM login page.

Step 1 - Choose the module
Step 2 - Create an Authenticator class
Step 3 - Implement the authentication method
Step 4 - Implement tests
Step 5 - Build and install - make sure your module is enabled in the Configuration.

Step 1 - Choose a module
Step 2 - Create an IdmAuthenticationFilter class
Step 3 - Specify headers and implement the authentication method
Step 4 - Implement the tests
Step 5 - Build and install - make sure your module is enabled in the Configuration.