JBoss Community Archive (Read Only)

PicketBox

Authentication

Introduction

This section gives you an overview of how users are authenticated using PicketBox.

When authenticating a user, you must check that the provided credentials are valid by checking them against a pre-configured identity store. Besides that, authentication is also responsible for retrieving the user's additional information, such as roles, groups and attributes, and for creating a security context where that information is stored for later use.

Some of the key authentication features provided by PicketBox are:

  • Centralized authentication.
    All authentication is done using the PicketBoxManager. This is the only component that your application should interact with when authenticating users.

  • Pluggable Authentication Mechanisms and Credential Types.
    Credential types and authentication mechanisms provide a flexible design to authenticate your users in different ways, e.g. OTP, username and password, digest, certificate or any security token.

  • Identity Management support.
    PicketBox is fully integrated with the PicketLink IDM project. That means you can choose between different identity store implementations and use the Identity Manager component to manage your users, roles, groups, attributes or any other security-related information.

  • Event Handling Support.
    You can listen for specific events during authentication, for example when a user is authenticated or when authentication fails.

Take a look at the PicketBox Basic Concepts documentation.

How it works?

From a user's perspective, the authentication process is very simple and requires few steps.

[Diagram: authentication overview (auth_overview.png)]

Check this tutorial for a complete implementation of the steps above.

The diagram above looks at the authentication process from a user's perspective. Internally, this process can be summarized as:

  1. Validate User Credentials
    Validates the user credentials against the registered authentication mechanism and creates a java.security.Principal representing the validated user. At this point the Identity Manager is used to check whether the user exists and to validate the credentials.
     

  2. Populate the User's attributes, roles, groups or any security-related information
    If the validation was successful, populates the user context with additional information using the User Context Populator. At this point the Identity Manager is used to query a specific identity store.
     

  3. Authenticate the User
    Performs some additional validation and authenticates the user.

  [Diagram: PicketBoxManager authentication overview (auth_pbmanager_overview.png)]
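The three internal steps above, modelled as a stand-alone Java sketch (Java 16 or later). This is an added example, not PicketBox code: `Account`, `UserPrincipal`, `UserContext`, the in-memory `STORE` and the string events are hypothetical stand-ins for the Identity Manager, the User Context Populator and event handling, and the salted SHA-256 hash is a placeholder for a real password KDF.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.*;
import java.util.function.Consumer;

// Hypothetical model of the three steps; none of these types are PicketBox classes.
public class AuthFlowSketch {
    record Account(byte[] salt, byte[] hash, Set<String> roles, boolean enabled) {}
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    record UserContext(Principal principal, Set<String> roles, boolean authenticated) {}
    static final Map<String, Account> STORE = new HashMap<>();         // stands in for the identity store
    static final List<Consumer<String>> LISTENERS = new ArrayList<>(); // stands in for event handlers
    static final UserContext ANONYMOUS = new UserContext(null, Set.of(), false);

    static byte[] hash(byte[] salt, String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256"); // placeholder for a slow password KDF
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    static UserContext authenticate(String user, String password) throws Exception {
        Account acct = STORE.get(user);
        // Step 1: validate credentials; unknown users take the same hash-and-compare path.
        byte[] salt = acct != null ? acct.salt() : new byte[16];
        byte[] expected = acct != null ? acct.hash() : new byte[32];
        boolean valid = MessageDigest.isEqual(expected, hash(salt, password)) && acct != null;
        if (!valid) {
            LISTENERS.forEach(l -> l.accept("FAILED " + user));
            return ANONYMOUS; // no principal and no roles on failure
        }
        Principal principal = new UserPrincipal(user);
        // Step 2: populate roles only after the credentials were validated.
        Set<String> roles = Set.copyOf(acct.roles());
        // Step 3: additional validation (here: account enabled) before authenticating.
        boolean ok = acct.enabled();
        LISTENERS.forEach(l -> l.accept((ok ? "AUTHENTICATED " : "FAILED ") + user));
        return ok ? new UserContext(principal, roles, true) : ANONYMOUS;
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8); // constructed sample data
        STORE.put("alice", new Account(salt, hash(salt, "s3cret"), Set.of("admin"), true));
        STORE.put("bob", new Account(salt, hash(salt, "hunter2"), Set.of("user"), false));
        LISTENERS.add(event -> System.out.println("event: " + event));
        for (String[] c : new String[][] {{"alice", "s3cret"}, {"alice", "wrong"}, {"bob", "hunter2"}, {"mallory", "x"}})
            System.out.println(c[0] + " -> " + authenticate(c[0], c[1]));
    }
}
```

Only the first attempt yields a populated context; the wrong password, the disabled account and the unknown user all return the same empty context and raise a failure event.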

Authentication Mechanisms and Credential Types

Please check this documentation for more information.

JBoss.org Content Archive (Read Only), exported from JBoss Community Documentation Editor at 2020-03-11 12:16:19 UTC, last content change 2012-11-02 19:09:45 UTC.