SSO Event Plug-ins

DirX Access supports callout handler plug-ins to externalize the handling of SSO events; for example, to update dependent session state in third-party systems. This chapter describes the steps needed to employ an SSO event plug-in and then use it.

About SSO Event Plug-ins

An SSO event plug-in is a system entity that allows third-party systems to react to SSO events occurring in DirX Access. The SSO events include:

  • SessionCreation occurs upon successful authentication,

  • SessionAugmentation occurs upon editing of an existing SSO session with opaque data,

  • SessionIdleout occurs if the time since the last SSO request exceeds the session idle timeout (see PEPs in the Administrative Tasks),

  • SessionTimeout occurs if the time since the initial SSO request exceeds the session lifetime (see PEPs in the Administrative Tasks),

  • UserLogout occurs upon a successful user-activated logout action,

  • AdminLogout occurs upon a successful system-activated logout action, including the actions leading to SessionIdleout and SessionTimeout.

The SessionTimeout and SessionIdleout events may occur with a delay determined by the SSO validation interval (see Cluster in the Administrative Tasks).

A use case for an SSO event plug-in is a solution that augments the SSO session state of users authenticated in DirX Access with its own session data (opaque to DirX Access) and thus requires triggering when SSO events occur.

Developing an SSO Event Plug-in

This section describes the tasks necessary for developing a custom SSO event plug-in.

Externalizing SSO Event Handling from the DirX Access Server

The DirX Access Server allows externalizing SSO event handling through a plug-in interface. This method requires creating an SSO event handler that implements the SSOCallout interface (net.atos.dirx.access.sso.api.callout.SSOCallout). The implementing class must be contained within an exported package of an OSGi bundle.
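The following added example (not DirX Access code) shows event-handling logic that a callout implementation could delegate to when a third-party system keeps its own session state. The SSOCallout method signatures are not shown on this page, so the class does not implement that interface; DependentSessionStore, onEvent, isActive, their parameters and the 8-hour lifetime are assumptions, as is the premise that AdminLogout can be delivered in addition to SessionIdleout or SessionTimeout for the same session.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical third-party session store; not a DirX Access class.
public class DependentSessionStore {
    public enum SsoEvent { SessionCreation, SessionAugmentation, SessionIdleout, SessionTimeout, UserLogout, AdminLogout }
    private record Entry(Instant created, byte[] opaque) {}
    private final Map<String, Entry> sessions = new ConcurrentHashMap<>();
    private final Duration lifetime; // assumed to mirror the configured session lifetime
    public DependentSessionStore(Duration lifetime) { this.lifetime = lifetime; }

    // Assumed entry point that a callout implementation would delegate to.
    public void onEvent(SsoEvent event, String sessionId, byte[] opaque, Instant now) {
        switch (event) {
            case SessionCreation -> sessions.put(sessionId, new Entry(now, opaque));
            // Augmenting an unknown or already ended session must not recreate it.
            case SessionAugmentation -> sessions.computeIfPresent(sessionId,
                    (id, e) -> new Entry(e.created(), opaque));
            // Every terminal event removes the state. remove() is idempotent, so a
            // second terminal event for the same session is a no-op.
            case SessionIdleout, SessionTimeout, UserLogout, AdminLogout -> sessions.remove(sessionId);
        }
    }

    // Checked on each request to the third-party system. The lifetime is enforced
    // locally because SessionTimeout may arrive late; idle expiry still depends on
    // the SessionIdleout event, since this store does not see SSO requests.
    public boolean isActive(String sessionId, Instant now) {
        Entry e = sessions.get(sessionId);
        if (e == null) return false;
        if (!now.isAfter(e.created().plus(lifetime))) return true;
        sessions.remove(sessionId); // expired locally, without waiting for the event
        return false;
    }

    public static void main(String[] args) { // constructed sample events
        DependentSessionStore store = new DependentSessionStore(Duration.ofHours(8));
        Instant t0 = Instant.parse("2024-01-01T08:00:00Z");
        store.onEvent(SsoEvent.SessionCreation, "s1", null, t0);
        store.onEvent(SsoEvent.SessionIdleout, "s1", null, t0.plusSeconds(1800));
        store.onEvent(SsoEvent.AdminLogout, "s1", null, t0.plusSeconds(1800));
        store.onEvent(SsoEvent.SessionAugmentation, "s1", new byte[] {1}, t0.plusSeconds(1801));
        store.onEvent(SsoEvent.SessionCreation, "s2", null, t0);
        System.out.println(store.isActive("s1", t0.plusSeconds(1802)));
        System.out.println(store.isActive("s2", t0.plus(Duration.ofHours(9))));
    }
}
```

The local lifetime check bounds how long dependent state can outlive the SSO session when a SessionTimeout event is delayed by the SSO validation interval.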

Employing an SSO Event Handler

The steps needed to employ the custom callout handler are outlined in the section Employing External Plug-in Modules.

Using the Custom SSO Event Handler

The following tasks need to be performed to use a custom SSO event handler. Before starting to configure the DirX Access Server, make sure to run through all the steps in the section Employing External Plug-in Modules.

Prerequisites

To successfully employ the custom SSO event handler, the OSGi bundle exporting the package containing the callout implementation must be installed on the DirX Access Server. To accomplish this task, make sure you have performed all of the steps described in the section Employing External Plug-in Modules.

Configuring the Custom SSO Event Plug-in at the DirX Access Server

To configure the custom SSO event plug-in at the DirX Access Server:

  • In DirX Access Manager, go to Configuration | Extension modules.

  • Create the callout handler <CalloutIdentifier>.

    • Go to Callout handlers and then click the “add” icon to create a new callout handler.

    • Identifier: <CalloutIdentifier>.

    • Description: arbitrary.

    • Type: select SsoEvents.

    • Class name: enter the fully-qualified Java class name of the callout implementation.

    • Click Save.

  • In DirX Access Manager, go to Servers | Cluster.

    • Select a server identifier for which the custom SSO event handler shall be added.

    • In the right-hand helper SSO callout handlers, select <CalloutIdentifier> and then click it.

    • Click Save.