This topic has 5 replies, 3 voices, and was last updated 1 year, 2 months ago by Peter Major.

  • Author
  • #25757


    I am comparing the Auth-module with the latest Auth-tree framework as we are now replacing Modules everywhere.
    So as we know when we create a new custom module, there are basically 4 important artifacts to prepare. for eg., (java module file)
    MyCustomAuthService.xml (to inject it in the openAM)
    MyCustomAuth.xml (callback file)

    Now if we talk about the Trees, I have corresponding files for the first 3
    But the most important file i.e., the Callback file is where I have confusion.
    In my am-external-releases-6.5.1\openam-auth-trees\auth-nodes, where will the callback xml go ?

    Really appreciate if somebody clarifies this callback functionality with respect to trees and how the Order/state of the callback reaches to my Node java class etc.



    Hi ranjit,

    In Authentication Nodes, there is no equivalent to the callback file – it is not needed.



    Thanks James for your clarification.
    So just to solidify, when no callback file is needed, then for eg., if I have a node which is doing like

    send(new NameCallback(bundle.getString(“callback.username”))).build();

    how would I accurately process the responses ?
    In order to process responses to callbacks, it is necessary to know which callback is at which position in the list.
    So where would I do the ordering which otherwise in the module xml file it was like as below, where my module java code will return the right order number and then the UI framework will present the corresponding callback page.

    <ModuleProperties moduleName=”SampleAuth” version=”1.0″ >
    <Callbacks length=”0″ order=”1″ timeout=”600″ header=”#WILL NOT BE SHOWN#” />

    <Callbacks length=”2″ order=”2″ timeout=”600″ header=”#WILL BE SUBSTITUTED#” >
    <NameCallback isRequired=”true”>
    <PasswordCallback echoPassword=”false” >
    <Callbacks length=”1″ order=”3″ timeout=”600″ header=”#WILL BE SUBSTITUTED#” error=”true” >
    <Prompt>#THE DUMMY WILL NEVER BE SHOWN#</Prompt>

     Peter Major

    I think the basic idea is that authentication nodes are less complex, and as such they should only ask for limited set of callbacks. Potentially what you would need to do is to separate the complex authentication module to several smaller authn nodes that each deal with a certain use-case ~one per module state).


    Thanks Peter.

    Yes, I am totally on-board with the concept i.e., the nodes should have a very granular functionality.
    But still that does not totally write-off the important aspect of callback.xml file. Let me elaborate a little.

    Let’s pick the simplest node i.e., PasswordCollectorNode
    user puts password. Assume that all checking happens in the Node’s process() method.
    Now if the password strength is not correct, I want the user to send back the same UI with the message that you have not put the strong password.

    The current implementation would be just doing something like
    ResourceBundle bundle = context.request.locales.getBundleInPreferredLocale(BUNDLE, getClass().getClassLoader());
    return send(new PasswordCallback(bundle.getString(“callback.password”), false)).build();

    So without the callback.xml,
    1. how do I send the same page with the error
    2. In the callback.xml we use to have Attributes like “timeout”, “template” and “image” that define the UI or page level attributes for the UI customization.

    Would you please explain how the XUI of collector nodes is prepared ?


     Peter Major

    Collecting input and making decision based on input does not have to be implemented as a single node. The Username Collector node and the datastore decision nodes are good example of this. There are other nodes that do collection and decision at the same time, and that’s fine too.

    Displaying text to end-users can be achieved by using TextOutputCallbacks. When your node detects that something is wrong with the input, you could send back a different set of callbacks, where a text output callback would also print the relevant error message.

    * Timeout is irrelevant.
    * The template is probably only relevant for page nodes:
    * no idea about image, that may be a long forgotten, now obsolete feature.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?