
Authenticate to custom OpenAM 12 authentication plugin via REST


Would like to know how to authenticate to (for example):

http://www.example.com:8080/openam/UI/Login?realm=CUR&module=CURAuthn

preferably by POSTing JSON via REST over /json/authenticate.

I'm guessing it would be http://www.example.com:8080/openam/UI/Login?realm=CUR&authIndexType=module&authIndexValue=CURAuthn correct?

In any case this module doesn't take the standard X-OpenAM-Username or X-OpenAM-Password headers.

It takes a bunch of custom fields, called ID tokens. For instance it uses IDToken1, IDToken2, IDToken3, ...

How should I go about submitting the tokens to this plugin using the json authentication service? Thanks


Solution

  • All this is explained in the OpenAM Developer's Guide, section 3.4.

    The REST URL for your custom module would be:

    http://www.example.com:8080/openam/json/authenticate?authIndexType=module&authIndexValue=CURAuthn

    If your module doesn't use the standard username/password credentials, you'll have to pass your credentials in the request body as JSON.

    You would start by sending an empty POST request to OpenAM:

    $ curl \
     --request POST \
     --header "Content-Type: application/json" \
     "http://www.example.com:8080/openam/json/authenticate?authIndexType=module&authIndexValue=CURAuthn"
    

    You should get a response similar to this (based on your custom callbacks):

    {
       "authId": "eyAid...GDYaEQ",
       "template": "",
       "stage": "Module11",
       "header": "Using CURAuthn",
       "callbacks": [
          {
             "type": "NameCallback",
             "output": [
                {
                   "name": "prompt",
                   "value": "FirstCallback"
                }
             ],
             "input": [
                {
                   "name": "IDToken1",
                   "value": ""
                }
             ]
          },
          {
             "type": "NameCallback",
             "output": [
                {
                   "name": "prompt",
                   "value": "SecondCallback"
                }
             ],
             "input": [
                {
                   "name": "IDToken2",
                   "value": ""
                }
             ]
          },
          //More callbacks here
       ]
    }
    

    After that just collect the credentials from the user input, fill in the empty values and submit the JSON payload back to the same URL. Make sure you use the same "authId" throughout the authentication process.

    I wrote a blog post about custom authentication chains and how to communicate with them via REST. Take a look, it might be helpful.
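
The exchange described in the answer above, as an added Python example that is not part of the original answer or of OpenAM's own code: it fills the `IDTokenN` inputs of a challenge and posts the whole document back with the same `authId`. The helper names and credential values are assumptions, and the sample challenge is constructed from the response shown above.

```python
import json
import urllib.request

# Constructed sample: the first response shown above, with two callbacks.
SAMPLE_CHALLENGE = {
    "authId": "eyAid...GDYaEQ", "template": "", "stage": "Module11",
    "header": "Using CURAuthn",
    "callbacks": [
        {"type": "NameCallback",
         "output": [{"name": "prompt", "value": "FirstCallback"}],
         "input": [{"name": "IDToken1", "value": ""}]},
        {"type": "NameCallback",
         "output": [{"name": "prompt", "value": "SecondCallback"}],
         "input": [{"name": "IDToken2", "value": ""}]},
    ],
}

def fill_callbacks(challenge, values):
    """Return a copy of the challenge with every IDTokenN input filled in.

    authId and all other fields are echoed back unchanged. A missing value
    raises instead of silently submitting an empty credential.
    """
    reply = json.loads(json.dumps(challenge))  # deep copy of JSON data
    for callback in reply["callbacks"]:
        for field in callback["input"]:
            if field["name"] not in values:
                raise KeyError("no value supplied for " + field["name"])
            field["value"] = values[field["name"]]
    return reply

def post_json(url, body=None):
    """POST body (or an empty request) as JSON; return the decoded reply."""
    data = json.dumps(body).encode() if body is not None else b""
    req = urllib.request.Request(url, data=data, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def authenticate(url, values, max_rounds=5):
    """Answer callback rounds until the server stops sending them."""
    response = post_json(url)  # the empty POST that starts the exchange
    for _ in range(max_rounds):
        if "callbacks" not in response:
            return response  # on success OpenAM returns JSON with "tokenId"
        response = post_json(url, fill_callbacks(response, values))
    raise RuntimeError("still receiving callbacks after max_rounds")

if __name__ == "__main__":
    demo = {"IDToken1": "alice", "IDToken2": "s3cret"}  # constructed values
    print(json.dumps(fill_callbacks(SAMPLE_CHALLENGE, demo), indent=2))
```

`authenticate()` takes the `/json/authenticate?authIndexType=module&authIndexValue=CURAuthn` URL from the answer; a rejected login surfaces as `urllib.error.HTTPError`.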