Authenticating Users

This topic describes how you can use the Authentication Manager Service API (Java) to enable your client applications to programmatically authenticate users.

User authentication may be required to interact with an enterprise database or other enterprise repositories that store secure data.

Consider, for example, a scenario where a user enters a user name and password into a web page and submits the values to a J2EE application server hosting Forms. A Forms custom application can authenticate the user with the Authentication Manager service.

If the authentication is successful, the application accesses a secured enterprise database. Otherwise, a message is sent to the user stating that the user is not an authorized user.

The following diagram shows the application’s logic flow.

The following table describes the steps in this diagram

Step

Description

1

The user accesses a web site and specifies a user name and password. This information is submitted to a J2EE application server hosting LiveCycle.

2

The user credentials are authenticated with the Authentication Manager service. If the user credentials are valid, the workflow proceeds to step 3. Otherwise, a message is sent to the user stating that the user is not an authorized user.

3

User information and a form design are retrieved from a secured enterprise database.

4

User information is merged with a form design and the form is rendered to the user.

Summary of steps

To programmatically authenticate a user, perform the following steps:

  1. Include project files.

  2. Create an AuthenticationManagerService client.

  3. Invoke the authentication operation.

  4. If necessary, retrieve the context so that the client application can forward it to another LiveCycle service for authentication.

Include project files

Include necessary files in your development project. If you are creating a client application using Java, then include the necessary JAR files. If you are using web services, then make sure that you include the proxy files.

Create an AuthenticationManagerService client

Before you can programmatically authenticate a user, you must create a AuthenticationManagerService client. When using the Java API, create an AuthenticationManagerServiceClient object.

Invoke the authentication operation

Once you have created the service client, you can then invoke the authentication operation. This operation will need information about the user, such as the user’s name and password. If the user does not authenticate, an exception is thrown.

Retrieve the authentication context

Once you have authenticated the user, you can create a context based in the authenticated user. Then you can use the content to invoke another LiveCycle services. For example, you can use the context to create an EncryptionServiceClient and encrypt a PDF document with a password. Ensure that the user that was authenticated has the role named Services User that is required to invoke a LiveCycle service.

Authenticate a user using the Java API

Authenticate a user using the Authentication Manager Service API (Java):

  1. Include project files.

    Include client JAR files, such as adobe-usermanager-client.jar, in your Java project’s class path.

  2. Create an AuthenticationManagerServices client.

    Create an AuthenticationManagerServiceClient object by using its constructor and passing a ServiceClientFactory object that contains connection properties.

  3. Invoke the authentication operation.

    Invoke the AuthenticationManagerServiceClient object’s authenticate method and pass the following values:

    • A java.lang.String object that contains the user’s name.

    • A byte array (a byte[] object) containing the user’s password. You can obtain the byte[] object by invoking the java.lang.String object’s getBytes method.

    The authenticate method returns an AuthResult object, which contains information about the authenticated user.

  4. Retrieve the authentication context.

    Invoke the ServiceClientFactory object’s getContext method, which will return a Context object.

    Then invoke the Context object’s initPrincipal method and pass the AuthResult.

Authenticate a user using the web service API

Authenticate a user using the Authentication Manager Service API (web service):

  1. Include project files.

  2. Create an AuthenticationManagerService client.

    Create a AuthenticationManagerServiceService object by using your proxy class’ constructor.

  3. Invoke the authentication operation.

    Invoke the AuthenticationManagerServiceClient object’s authenticate method and pass the following values:

    • A string object that contains the user’s name

    • A byte array (a byte[] object) containing the user’s password. You can obtain the byte[] object by converting a string object containing the password to a byte[] array using the logic shown in the example below.

    • The returned value will be an AuthResult object, which can be used to retrieve information about the user. In the example below, the user’s information is retrieved by first obtaining the AuthResult object’s authenticatedUser field and subsequently obtaining the resultant User object’s canonicalName and domainName fields.