Wednesday 22 June 2016

How to read and write shared state in the OpenAM Scripted Module

If you've used OpenAM for a while, you will probably know that it has a concept of shared state; a map of values that can be passed from one authentication module to the next in an authentication chain. You can use the iplanet-am-auth-store-shared-state-enabled and iplanet-am-auth-shared-state-enabled keywords to direct modules to put credentials into shared state, or read the credentials from shared state and try to use them.

If you have a scripted module in your OpenAM authentication chain,  you may want to pass credentials from the scripted module to other modules in the chain. Or you may want to access credentials that have been set in a preceding authentication module.

To read the username and password entered in a previous module in the authentication chain, you can use the following javascript in your server side authentication script:

//get username and password from shared state
var someUserName = sharedState.get("javax.security.auth.login.name");
var somePassword = sharedState.get("javax.security.auth.login.password");
And to put a username and password into shared state:
//set the username and password for other authentication modules to use
sharedState.put("javax.security.auth.login.password",someUserName);
sharedState.put("javax.security.auth.login.password",somePassword);