Voucher Propagation Plug-ins

About the Voucher Propagation Callout Handler

The Voucher Propagation Callout provides an extension point to the voucher authentication method. DirX Access native voucher login module handles the correlation of input data (such as communication address or username) and generates vouchers or links for voucher consumers (DirX Access Authentication applications or custom applications when SSO REST API is used). The callout, on the other hand, provides flexibility by enabling the voucher propagation through various external channels, such as email, SMS or QR code. The callout can also validate the communication before sending the voucher.

Developing a Voucher Propagation Callout Handler

This section describes the tasks necessary for developing a custom voucher callout handler.

Externalizing Voucher Propagation flow from the DirX Access Server

The DirX Access Server allows externalizing password propagation flow through a plug-in interface. This method requires creating a voucher propagation callout handler that implements the VoucherPropagationCallout interface (net.atos.dirx.access.authn.api.callout.VoucherPropagationCallout). The interface is based on the general Callback interface enabling access to the internal DXA server services (e.g., authentication service, application repository (configuration, policy, and user credentials) service, etc.). The implementing class must be contained within an exported package of an OSGi bundle.

Employing a Voucher Propagation Callout Handler

The steps needed to employ the custom callout handler are outlined in the section Employing External Plug-in Modules.

Using a Voucher Propagation Callout Handler

This section describes the tasks that need to be performed to use a voucher propagation callout handler.

Prerequisites

To successfully employ the custom voucher propagation callout handler, the OSGi bundle exporting the package containing the callout implementation must be installed on the DirX Access Server. To accomplish this task, make sure you have performed all of the steps described in the section Employing External Plug-in Modules.

Configuring the Custom Voucher Propagation Callout Handler at the DirX Access Server

To configure the custom voucher propagation callout handler at the DirX Access Server:

  • In DirX Access Manager, go to Configuration | Extension modules.

  • Create the callout handler <CalloutIdentifier>:

    • Go to callout handlers and click the “add” icon to create a new callout handler.

    • Identifier: <CalloutIdentifier>.

    • Description: arbitrary.

    • Type: select VoucherPropagationEvents.

    • Class name: enter the fully-qualified Java class name of the callout implementation.

    • Click Save.

  • In DirX Access Manager, go to Authentication | Methods | Voucher:

    • Select an authentication method to which the custom handler should be assigned.

    • In the callout handler identifier drop-down box, select the desired <CalloutIdentifier>.

    • Click Save.