OpenAM 13.5 vs. OpenSSO 8 "Custom Authentication Modules"

This topic has 3 replies, 2 voices, and was last updated 5 years, 8 months ago by Peter Major.

  • Author
    Posts
  • #15577
     nikolaosinlight
    Participant

    Hello,

    If I compare OpenAM 13.5 and OpenSSO 8 custom authentication modules the interface, XML and even the default samples appears 100% identical. In fact, if I develop a OpenAM Custom Authentication Module I would compile strictly against what are clearly OpenSSO (and even appear to be earlier like Sun AM) JARs:
    – amserver.jar
    – opensso-sharedlib.jar
    – servlet-api.jar

    QUESTION: Can someone please confirm that they are identical? I know the product history just seeking confirmation from others that OpenAM and OpenSSO Custom Auth Module development is the same!

    Thank You,

    –Nikolaos

    #15582
     Peter Major
    Moderator

    The new versions should have introduced generics along the way and possible a few new methods. The code may still compile against the old JARs, but the behavior can be quite different (especially around 0-byte length callbacks that can now be 0 length callback definitions). The service XMLs have received a new mandatory resourceName attribute as well, so all in all: an auth module written for OpenSSO will most likely not work with OpenAM without some adjustments.

    #15583
     nikolaosinlight
    Participant

    Hello Peter,

    Thank You for that information. So it would appear that although an OpenSSO CAM may not work immediately out of the box that after several extremely “minor” adjustments (i.e. accounting for generics and perhaps some new methods, adding XML mandatory attribute and adjusting 0 length callbacks) that an OpenSSO CAM can be quite easily dropped in as an OpenAM CAM. In other words, I understand they are not identical but it appears the differences are very minor.

    Would you agree with that statement?

    –Nikolaos

    #15586
     Peter Major
    Moderator

    The changes are mostly minor, yes. If your module used old APIs (such as Netscape LDAP SDK), then you may need to rewrite a lot more things though. The basic concepts of how the authentication modules work certainly hasn’t changed.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?