Hi,
We want to use OpenSSO for our authentication and authorization needs but would prefer it talking to database instead of the default LDAP datastore. We found that there is an experimental Database datastore present in the OpenAM 9.0 release.
However, it seems to be just concerned with authentication and user lifecycle management. There is no provision for storing entitlements information in the database datastore. We would want to keep the entire authentication and authorization info in database.
I'm okay to even put some efforts in customizing the code to make OpenAM talk to database for evaluating the policies and decide on what a user can do or cannot do on particular resource. By the way, We have requirements to safe guard several kinds of resources, not just pages(URLs).
I have looked into the code and found that the base datastore classes like com.sun.identity.entitlement.opensso.DataStore.java, com.sun.identity.entitlement.PolicyDataStore.java , com.sun.identity.entitlement.opensso.OpenSSOPolicyDataStore.java
are all tightly bound to LDAP based implementation.
Are there any interfaces or abstract classes which I can customize to make opensso talk to database datastore for its entitlements and policy decisions?
I would be even willing to spend a couple of months effort in getting this work if some can provide any hints using which I can get started.
Thanks and Regards,
Samba