Custom Authentication Module reading from HTTP header

Hi all,
we are currently piloting a solution where IS is protected by an access control product (entrust getAccess). We would like to avoid having the user authenticate twice (both to getAccess and then to WebMethods).

For that a possible solution would be to develop a custom authentication module that will read the session information from the HTTP header and check with getAccess to see if the user is authorized for the resource.

so my question is how can I access the HTTP header from the ModuleFactory class in the Authentication module?

any ideas or sample code?

thanks in advance

You might drop an email to the WM Security group. Their address is security {at} webmethods {dot} com.

Open an SR with webMethods and ask for “Building Custom Authentication Modules” pdf (even search advantage site, you might be able to get hold of that document without an SR)

That document would list you all the steps required to build an custom authetication module. This works quite smoothly and years back, I built one for a client for their SSO project (SiteMinder); Basic concepts will remain the same for entrust getAccess.

You might even ask for their “SMTest” tool package; This will provide you with sample code.


Oh… and yes, you would also need to use the Entrust GetAccess UserAPI; Since it is java based API, it will be much easier to integrate the product with webMethods Custom Authentication Module for SSO solution… Refer to the Entrust GetAccess programmers guide for more details on the API…