Express (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Select a registry or repository > Manage realms in a federated repository > Virtual member manager > Develop with virtual member manager > Integrate virtual member manager into the application > Program tasks


Test a certificate map

Use this procedure to test the certificate map.


About this task

If you have difficulties logging in with an X.509 certificate, follow this procedure to test whether the certificate map resolves the certificate to the expected directory entry.


Procedure

  1. Create a self-signed certificate. For example, use the keytool in the JDK to generate a key pair and export the certificate, in DER form, to the file client.cer. Without -dname, keytool prompts for the subject name interactively; the subject shown here is the one used in the sample data graphs at the end of this topic:
    keytool -genkey -alias client-alias -keyalg RSA -keypass changeit -storepass changeit
            -dname "CN=Andy Zhuang, OU=Torolab, O=IBM, L=Toronto, ST=Ontario, C=CA"
            -keystore keystore.jks
    
    keytool -export -alias client-alias -storepass changeit -file client.cer -keystore keystore.jks
    

  2. Create an LDAP entry whose attributes match the subject name that you used when creating the certificate. For the subject above, the entry is cn=Andy Zhuang,ou=Torolab,o=IBM,l=Toronto,st=Ontario,c=CA.

  3. Use the following code to read the certificate from the file and set it in the input data graph. The login request carries the encoded certificate in a LoginAccount entity instead of a principal name and password; the LoginControl lists the properties of the mapped entry that you want returned:
    import java.io.FileInputStream;
    import java.io.InputStream;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    
    import commonj.sdo.DataObject;
    import com.ibm.websphere.wim.Service;
    import com.ibm.websphere.wim.util.SDOHelper;
    import static com.ibm.websphere.wim.SchemaConstants.*;
    
    // Read the DER-encoded certificate exported in step 1.
    InputStream inStream = new FileInputStream("AbsolutePathToclient.cer");
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
    inStream.close();
    
    // Build the input data graph: a LoginAccount entity carrying the encoded certificate.
    DataObject root = SDOHelper.createRootDataObject();
    DataObject entity = SDOHelper.createEntityDataObject(root, null, DO_LOGIN_ACCOUNT);
    entity.getList(PROP_CERTIFICATE).add(cert.getEncoded());
    
    // Ask for the sn and cn of the mapped entry to be returned.
    DataObject loginCtrl = SDOHelper.createControlDataObject(root, null, DO_LOGIN_CONTROL);
    loginCtrl.getList(PROP_PROPERTIES).add("sn");
    loginCtrl.getList(PROP_PROPERTIES).add("cn");
    
    // service is an initialized com.ibm.websphere.wim.Service instance.
    root = service.login(root);
    entity = root.getDataObject("entities.0");
    DataObject id = entity.getDataObject(DO_IDENTIFIER);
    System.out.println("Certificate mapped to " + id.getString(PROP_UNIQUE_NAME));
    


  4. Make the following configuration changes in wimconfig.xml. Because the certificate subject, and therefore the entry that you created in step 2, is under c=CA, add c=CA as a base entry of the LDAP repository and as a participating base entry of the realm. Then choose the certificateMapMode and, for filterDescriptorMode, the certificateFilter: when a user logs in with a certificate, ${SubjectCN} in the filter is replaced with the CN of the certificate subject and the resulting filter is searched under the base entries. With exactDNMode instead, no filter is used and the certificate subject DN must be the distinguished name of the LDAP entry. For example:
    <config:repositories xsi:type="config:LdapRepositoryType" id="LDAP1" supportPaging="true"
            supportSorting="true" ldapServerType="IDS51"
            certificateMapMode="filterDescriptorMode"
            certificateFilter="(cn=${SubjectCN})">
        <config:baseEntries name="c=CA"/>
        <config:baseEntries name="cn=users,dc=yourco,dc=com"/>
        <config:baseEntries name="cn=groups,dc=yourco,dc=com"/>
    
    <config:realmConfiguration defaultRealm="YourCo">
        <!-- realm definitions -->
        <config:realms name="YourCo" securityUse="active" delimiter="@">
            <config:participatingBaseEntries name="c=CA"/>
            <config:participatingBaseEntries name="cn=users,dc=yourco,dc=com"/>
            <config:participatingBaseEntries name="cn=groups,dc=yourco,dc=com"/>

  5. Start virtual member manager and run the sample code. If the map works, the output data graph contains the identifier of the entry that you created in step 2, as in the sample output below. When you have finished testing, remove the test certificate from the trust store and delete the test entry: the map trusts whatever subject the presented certificate carries, so a self-signed test certificate must not remain trusted in a production configuration.


Sample input and output data graphs

For this particular example the input data graph is:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo"
    xmlns:wim="http://www.ibm.com/websphere/wim">
<changeSummary/>
<wim:Root>
<wim:entities xsi:type="wim:LoginAccount">
<wim:certificate>MIICRDCCAa2gAwIBAgIEQyDq1DANBgkqhkiG9w0BAQQFADBnMQswCQYDVQQG
EwJDQTEQMA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzEMMAoGA1UEChMDSUJNMRAwDgYDVQQ
LEwdUb3JvbGFiMRQwEgYDVQQDEwtBbmR5IFpodWFuZzAeFw0wNTA5MDkwMTUyMjBaFw0wNTEyMDgwMTUyMj
BaMGcxCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMRAwDgYDVQQHEwdUb3JvbnRvMQwwCgYDVQQKE
wNJQk0xEDAOBgNVBAsTB1Rvcm9sYWIxFDASBgNVBAMTC0FuZHkgWmh1YW5nMIGeMA0GCSqGSIb3DQEBAQUA
A4GMADCBiAKBgH6gxHdmEvgaA8QiyK63Wjk+5uAmoZZuyfbJ9UraVeybRnsW7A+CKwT9ewKA72oxRloLeeY
tOxdoOyiPB9caVtw8X112PcwmhkXQ3ZvYya8KnbSBvRMcz47/ZSo1SDBVc9EmsQJNlgDmGdDY31uGl2AjdL
1MdkO2AP2dCUj6mwULAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAbuSmkOlo+OibEcB9saookyrxSfoUbna4L
jsUHXdQ1b2IPjySILcxYuRioJt/eL5IpEwPGBZRY/K+G9iAkLVmb815WRvHXHzrL5kUbR2umbPq2EzzdNJC
twn/Eo17yDeinAKQ4QN9ESKAMuSQ7M9TU3WRC6/dFHCO/oWvOOrEFqw=
</wim:certificate>
</wim:entities>
<wim:controls xsi:type="wim:LoginControl">
<wim:properties>sn</wim:properties>
<wim:properties>cn</wim:properties>
</wim:controls>
</wim:Root>
</sdo:datagraph> 

The resulting output data graph for this example is:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo"
    xmlns:wim="http://www.ibm.com/websphere/wim">
<changeSummary/>
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:identifier externalName="cn=Andy Zhuang,ou=Torolab,o=IBM,l=Toronto,st=Ontario,c=CA"
          repositoryId="LDAP1"
          uniqueId="4e6a53e8-6d0a-439a-9304-f6329ee1b8b5"
          uniqueName="cn=Andy Zhuang,ou=Torolab,o=IBM,l=Toronto,st=Ontario,c=CA"/>
<wim:cn>Andy Zhuang</wim:cn>
<wim:sn>Zhuang</wim:sn>
</wim:entities>
</wim:Root>
</sdo:datagraph> 
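The following Python script is an added example and is not part of this topic or of virtual member manager: it models the certificate map offline so that you can check what the map will do before touching the server. It decodes the certificate from the sample input data graph above, extracts the subject name (which should equal the uniqueName in the sample output), expands the certificateFilter "(cn=${SubjectCN})" from step 4 and resolves it against a constructed in-memory directory that contains the entry created in step 2. The directory contents, the ${Subject<Attr>} generalization of the placeholder, the exactDNMode comparison and the rule that the map must yield exactly one entry are assumptions of this model, not documented product behavior. The RFC 4515 escaping shows why the substituted subject value has to be treated as data rather than as filter syntax.

```python
"""Offline model of the certificate map tested by this procedure (added example, not IBM code).

Parses the subject of the sample certificate from the input data graph, expands the
certificateFilter "(cn=${SubjectCN})" from step 4 and resolves it against a constructed
directory. Directory contents, the ${Subject<Attr>} placeholders, the exactDNMode comparison
and the exactly-one-match rule are assumptions of this model, not product behavior.
"""
import base64
import re

# Certificate from the sample input data graph, base64 exactly as printed on the page.
SAMPLE_CERT_B64 = (
    "MIICRDCCAa2gAwIBAgIEQyDq1DANBgkqhkiG9w0BAQQFADBnMQswCQYDVQQG"
    "EwJDQTEQMA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzEMMAoGA1UEChMDSUJNMRAwDgYDVQQ"
    "LEwdUb3JvbGFiMRQwEgYDVQQDEwtBbmR5IFpodWFuZzAeFw0wNTA5MDkwMTUyMjBaFw0wNTEyMDgwMTUyMj"
    "BaMGcxCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMRAwDgYDVQQHEwdUb3JvbnRvMQwwCgYDVQQKE"
    "wNJQk0xEDAOBgNVBAsTB1Rvcm9sYWIxFDASBgNVBAMTC0FuZHkgWmh1YW5nMIGeMA0GCSqGSIb3DQEBAQUA"
    "A4GMADCBiAKBgH6gxHdmEvgaA8QiyK63Wjk+5uAmoZZuyfbJ9UraVeybRnsW7A+CKwT9ewKA72oxRloLeeY"
    "tOxdoOyiPB9caVtw8X112PcwmhkXQ3ZvYya8KnbSBvRMcz47/ZSo1SDBVc9EmsQJNlgDmGdDY31uGl2AjdL"
    "1MdkO2AP2dCUj6mwULAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAbuSmkOlo+OibEcB9saookyrxSfoUbna4L"
    "jsUHXdQ1b2IPjySILcxYuRioJt/eL5IpEwPGBZRY/K+G9iAkLVmb815WRvHXHzrL5kUbR2umbPq2EzzdNJC"
    "twn/Eo17yDeinAKQ4QN9ESKAMuSQ7M9TU3WRC6/dFHCO/oWvOOrEFqw="
)
SAMPLE_CERT_DER = base64.b64decode(SAMPLE_CERT_B64)

# X.520 attribute types that occur in the sample subject name.
OID_NAMES = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L",
             "2.5.4.8": "ST", "2.5.4.10": "O", "2.5.4.11": "OU"}

# Constructed directory: the entry created in step 2 (under c=CA) plus one under cn=users.
DIRECTORY = {
    "cn=Andy Zhuang,ou=Torolab,o=IBM,l=Toronto,st=Ontario,c=CA": {"cn": "Andy Zhuang", "sn": "Zhuang"},
    "cn=Jane Doe,cn=users,dc=yourco,dc=com": {"cn": "Jane Doe", "sn": "Doe"},
}

def _tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(value):
    """Split the contents of a SEQUENCE or SET into (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _tlv(value, pos)
        out.append((tag, val))
    return out

def _oid(value):
    arcs, n = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(str(n))
            n = 0
    return ".".join(arcs)

def subject_attributes(der):
    """Subject RDNs of a DER certificate as (shortName, value) pairs in encoding order."""
    fields = _children(_children(_tlv(der, 0)[1])[0][1])   # Certificate -> TBSCertificate fields
    if fields[0][0] == 0xA0:                               # skip EXPLICIT [0] version when present
        fields = fields[1:]
    subject = fields[4][1]              # serialNumber, signature, issuer, validity, subject, ...
    attrs = []
    for _, rdn in _children(subject):                      # RelativeDistinguishedName SETs
        for _, atv in _children(rdn):                      # AttributeTypeAndValue SEQUENCEs
            (_, oid), (_, value) = _children(atv)
            attrs.append((OID_NAMES.get(_oid(oid), _oid(oid)), value.decode("utf-8")))
    return attrs

def dn_string(attrs):
    """Leaf-first string form, the shape shown in the output data graph's uniqueName."""
    return ",".join(f"{name.lower()}={value}" for name, value in reversed(attrs))

def ldap_escape(value):
    """RFC 4515 escaping for a value spliced into a search filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def build_filter(template, attrs, escape=True):
    """Expand ${SubjectDN} and ${Subject<Attr>} placeholders; the page uses ${SubjectCN}."""
    by_name = dict(attrs)
    def substitute(match):
        name = match.group(1)
        if name != "DN" and name not in by_name:
            raise LookupError(f"certificate subject has no {name} attribute")
        value = dn_string(attrs) if name == "DN" else by_name[name]
        return ldap_escape(value) if escape else value
    return re.sub(r"\$\{Subject([A-Za-z]+)\}", substitute, template)

def _match_value(pattern, value):
    """LDAP equality/substring match: a raw '*' is a wildcard, '\\xx' is a literal character."""
    unescape = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)
    regex = ".*".join(re.escape(unescape(part)) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def resolve(der, base_entries, mode="filterDescriptorMode",
            certificate_filter="(cn=${SubjectCN})", directory=DIRECTORY):
    """Candidate entry DNs for the certificate, searched only under the configured base entries."""
    attrs = subject_attributes(der)
    in_scope = {dn: entry for dn, entry in directory.items()
                if any(dn.lower().endswith("," + base.lower()) for base in base_entries)}
    if mode == "exactDNMode":                           # subject DN must equal an entry DN
        wanted = dn_string(attrs).lower()
        return [dn for dn in in_scope if dn.lower() == wanted]
    attr, pattern = re.fullmatch(r"\((\w+)=(.*)\)", build_filter(certificate_filter, attrs)).groups()
    return [dn for dn, entry in in_scope.items()
            if attr.lower() in entry and _match_value(pattern, entry[attr.lower()])]

def map_certificate(der, base_entries, **kwargs):
    """Certificate login succeeds only when the map yields exactly one entry."""
    hits = resolve(der, base_entries, **kwargs)
    if len(hits) != 1:
        raise LookupError(f"certificate map resolved {len(hits)} entries, need exactly 1: {hits}")
    return hits[0]

if __name__ == "__main__":
    realm = ["c=CA", "cn=users,dc=yourco,dc=com", "cn=groups,dc=yourco,dc=com"]
    print("subject:", dn_string(subject_attributes(SAMPLE_CERT_DER)))
    print("filter :", build_filter("(cn=${SubjectCN})", subject_attributes(SAMPLE_CERT_DER)))
    print("mapped :", map_certificate(SAMPLE_CERT_DER, realm))
    print("no c=CA:", resolve(SAMPLE_CERT_DER, realm[1:]))   # [] : the login would fail
    # A subject CN of "*" must be escaped, or the filter becomes (cn=*) and matches everyone.
    print(build_filter("(cn=${SubjectCN})", [("CN", "*")]),
          build_filter("(cn=${SubjectCN})", [("CN", "*")], escape=False))
```

Run it with python3. Leaving c=CA out of the base entries makes resolve() return no candidate, which is the failure that step 4 corrects; a directory with the same cn under two participating base entries makes it return two, and map_certificate() refuses both cases. Whether the product escapes the substituted value itself is not described on this page, so part of testing the map is to try a certificate whose subject CN contains characters such as * or ) and confirm that it does not log in as someone else.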
