There are situations where we need to authenticate against against multiple repositories. For example, we may want to authenticate internal users against LDAP and external users against the default openiam repository. The challenge then is to determine the type of user and then to user utilize the appropriate login module.
The policy parameters shown above allow you to define a module selection policy - LOGIN_MODULE_SEL_POLCY. This policy is essentially logic that is in a script. The sample below shows how we can look at a users type to determine which login module to pick.if (user.classification == "INT") {
output="org.openiam.idm.srvc.auth.spi.LDAPLoginModule"
}else{
output="org.openiam.idm.srvc.auth.spi.DefaultLoginModule"
}
Labels: