This document provides a summary of a presentation on single sign-on (SSO) solutions. It begins with an overview of the goals of presenting on open source SSO solutions and providing a comparison. The agenda then covers what SSO is, a survey of major open source SSO players like OpenSSO, JOSSO and CAS, head-to-head comparisons of the solutions, and leaves time for questions. Specific points covered include configurations, architectures, integration capabilities and customization options for each solution.
Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
1. Fast and Free SSO: A Survey of Open-Source Solutions to Single Sign-on
Craig Dickson, Software Engineering Manager
Naveen Nallannagari, Senior Consultant
Behr Process Corporation
www.behr.com
TS-4604
2007 JavaOne℠ Conference | Session TS-4604
2. Goals of This Presentation
A Survey of Open-Source Solutions to Single Sign-on
Present a sample of the different open-source-based SSO solutions, critically compare and contrast them, and provide tips on how to choose the right one to fit your needs.
3. Agenda
What is SSO? (briefly)
Survey of the main Open Source players
Head-to-Head Comparisons
Summary
Q&A
5. What is SSO?
It is definitely not …
“Every Single time you want to do something, you are going to have to Sign-On!”
- Your Sys Admin
6. What is SSO?
This is more like it …
• Authenticate only once and access multiple resources
• Improved user productivity
• Improved developer productivity
• Ease of administration
7. What is SSO?
But what about the downsides …
• Potentially creates a single point of attack
  • Malicious types only need 1 set of credentials and they can do a lot of damage
• Can be very difficult to retrofit existing applications and infrastructure with an SSO solution
9. OpenSSO
Open Web SSO
• Mission of OpenSSO: To provide an extensible implementation of identity services infrastructure that will facilitate Single Sign-On for web applications.
• From the java.net community
• Focused on Web based Single Sign-On
• A common starting point for many identity management projects
10. OpenSSO
Continued …
• Sun will make the following Sun Java™ System Access Manager modules freely available as part of OpenSSO:
  • Authentication
  • Single-domain SSO
  • Web and Java 2 Platform, Enterprise Edition (J2EE™ platform) agents
  • Session Management
  • Policy
  • Console
  • Administration tools
  • Federation
  • Policy agents
12. OpenSSO
OpenSSO Configuration
• OpenSSO is deployed as only one application: opensso.war
• After installation, configuration (name of host, protocol etc.) can be done at: http://localhost:8080/opensso/configurator.jsp
• Realms have to be created
14. JOSSO
Java Open Single Sign-On
• Based on Java Authentication and Authorization Service (JAAS)
• Uses web services implemented with Apache Axis as the distributed infrastructure
• Uses Apache Struts and JavaServer Pages™ (JSP™ page) technology standards
• Comes with a Reverse Proxy component that can be used to create n-tier Single Sign-On configurations
  • Allows n-tier configurations using multiple strategies, including storing user information and credentials in LDAP, Databases and XML files
15. JOSSO
Continued …
• Implement and combine multiple authentication schemes with credential stores
• Credential Stores are repositories for user credentials, to be used during the user authentication transaction
• Can be configured to use (for example) a certificate-based authentication scheme, obtaining user X.509 certificates from a database using Java DataBase Connectivity (JDBC™) software
17. JOSSO
JOSSO Configuration
• Integration of JOSSO with a specific application server (Tomcat or JBoss)
• Integrating a Java Web Application with JOSSO
18. JOSSO
JOSSO Configuration - Integration with Tomcat or JBoss
• The Single Sign–on Gateway Configuration
• Configuration file: josso-gateway-config.xml
●
Authenticator
● Identity Manager
● Session Manager
● Audit Manager
● Event Manager
• Single Sign On Agent Configuration
• Checks that a previously logged-in user is authorized to access
a web context
• Configuration file that declares the concrete configuration files:
● $CATALINA_HOME/bin/josso-config.xml
19. JOSSO
JOSSO Configuration - Integration with Tomcat or JBoss
• Protect a Web Application
• Add to server.xml file
<Host>
...
<Valve className="org.josso.tc50.agent.SSOAgentValve" debug="1"/>
...
</Host>
• For each request to the /partner web context, the Single Sign-On
Agent intercepts it, asserts the Single Sign-On session and
obtains the user data from the Single Sign-On Gateway.
20. JOSSO
JOSSO Configuration - Integration with Tomcat or JBoss
• Add a JAAS Realm
• In order to integrate the Single Sign-On Agent with the Single
Sign-On Gateway a JAAS Tomcat Realm entry must be added to
the server.xml.
• Configure a JAAS Login Module
• jaas.conf file in the $CATALINA_HOME/conf directory with the
following content:
josso {
org.josso.tc50.agent.jaas.SSOGatewayLoginModule
required debug=true;
};
• The Login Module validates the session and obtains the
corresponding user and role information by invoking the gateway
identity management webservices.
22. JOSSO
JOSSO Configuration – Integration Java application with JOSSO
• Web application Security Constraints
• Configured using three elements in web.xml
• <login-config> element
• <security-constraint> element
• <security-role> element
23. JOSSO
JOSSO Configuration – Integration Java application with JOSSO
• Integrating Enterprise JavaBeans™ (EJB™) with JOSSO
• The security constraints should be declared in the ejb-jar.xml file of the partner
components based on the Enterprise JavaBeans specification (EJB components)
• For the user identity to be propagated to the EJB components tier, the jboss.xml
file must set java:/jaas/josso as the security domain in the following way:
<?xml version="1.0" encoding="UTF-8"?>
<jboss>
<security-domain>java:/jaas/josso</security-domain>
<enterprise-beans>
<session>
<ejb-name>PartnerComponentEJB</ejb-name>
<jndi-name>josso/samples/PartnerComponentEJB</jndi-name>
</session>
</enterprise-beans>
</jboss>
24. JA-SIG CAS
Central Authentication Service
• An open and well-documented protocol
• A library of clients for Java technology, .NET,
PHP, Perl, Apache, uPortal and others
• Integrates with uPortal, BlueSocket, TikiWiki,
Mule, Liferay, Moodle and others
• Community documentation and implementation
support
• An extensive community of adopters
25. JA-SIG CAS
Continued …
• The players involved
• CAS (The Central Authentication Service)
• Service
• Proxy
• Target (or back-end service)
• CAS authentication makes use of tickets: opaque strings
that prove some assertion to CAS.
• CAS 2.0 uses the following tickets
• Ticket-granting cookie (TGC)
• Service ticket (ST)
• Proxy-granting ticket (PGT)
• Proxy-granting ticket IOU (PGTIOU)
• Proxy ticket (PT)
27. JA-SIG CAS
CAS Configuration
• Server Deployment
• Client Configuration
28. JA-SIG CAS
CAS Configuration- Server Deployment
• Depends on the authentication scheme used
• password based
• certificate based
• Need to implement the AuthenticationHandler
interface
29. JA-SIG CAS
CAS Configuration- Server Deployment
• Example: password based (a toy handler that accepts the password when it
equals the length of the user name; it only demonstrates the interface, a real
handler validates against a credential store)
// CAS 3.x server API packages
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.AuthenticationHandler;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;

public class UsernameLengthAuthnHandler implements AuthenticationHandler {
    public boolean authenticate(Credentials credentials) throws
            AuthenticationException {
        // the cast is safe only because supports() has already accepted this credential type
        UsernamePasswordCredentials upCredentials =
                (UsernamePasswordCredentials) credentials;
        String username = upCredentials.getUsername();
        String password = upCredentials.getPassword();
        // toy rule: the "correct" password is the length of the user name
        String correctPassword = Integer.toString(username.length());
        return correctPassword.equals(password);
    }

    public boolean supports(Credentials credentials) {
        // we support credentials that bear usernames and passwords
        return credentials instanceof UsernamePasswordCredentials;
    }
}
30. JA-SIG CAS
CAS Configuration- Server Deployment
• Customizing views
• The existing views can be changed (i.e. JSP pages to
match the look and feel of the applications)
• Using LDAP for authentication
• Install the CAS LDAP authentication handler .jar file:
cas-server-ldap-{SOMETHING}.jar
• Include an LDAP library ("LdapTemplate" or "Spring
LDAP") in the CAS server
31. JA-SIG CAS
CAS Configuration- Server Deployment
• Using X.509 certificates
• CAS provides customizations to the CAS webflow to retrieve
certificates from the HttpServletRequest, package the certificates
into Credentials CAS can understand and pass them into the
CentralAuthenticationService service.
• Provides an authentication handler to determine the validity of a
certificate and if the credentials are authentic or not.
• Provides sample resolvers to translate the credentials into a
principal that client applications will understand.
32. JA-SIG CAS
CAS Configuration- Client
• Various Clients
• Java technology client
• JSP software client
• uPortal client
• Acegi as CAS client
• Perl, ASP.NET client etc.
33. JA-SIG CAS
CAS Configuration- Client
• Java technology client configuration
• CASFilter configuration (Yale Java client) - Example; serverName must be the
host and port the browser uses, because the filter builds the service URL from it
<web-app>
...
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://secure.its.yale.edu/cas/login</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://secure.its.yale.edu/cas/serviceValidate</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>your server name and port (e.g., www.yale.edu:8080)</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/requires-cas-authentication/*</url-pattern>
</filter-mapping>
...
</web-app>
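The ticket flow from the "players involved" slide and the CASFilter configuration above, as an added example that is not part of the original deck or of the JA-SIG code base. It is a small Python CAS 2.0 client (the deck lists CAS clients in PHP, Perl and .NET, so a non-Java client is a realistic reading of the protocol) that does what the filter does for a protected URL: redirect to /login with the service parameter, validate the returned service ticket at /serviceValidate, parse the cas:serviceResponse XML, and correlate the PGTIOU carried in-band with the pgtId that CAS posts to the proxy callback. The host names (cas.example.test, app.example.test), the ticket strings, the callback URL and the XML responses are constructed for the example; the network is replaced by an injected fetch callable so the block runs offline.

```python
"""CAS 2.0 client logic (added example, not JA-SIG code): what the CASFilter above
does for a protected URL -- redirect to /login, validate the returned service ticket
at /serviceValidate, correlate the in-band PGTIOU with the pgtId delivered to the
proxy callback. The network is an injected `fetch` so it runs offline; hosts are placeholders."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

CAS_NS = "http://www.yale.edu/tp/cas"          # namespace fixed by the CAS 2.0 protocol
TICKET_RE = re.compile(r"^ST-[A-Za-z0-9-]+$")  # service ticket: ST- prefix, [A-Za-z0-9-] only

class CasValidationError(Exception):
    def __init__(self, code, message=""):
        super().__init__(f"{code}: {message}")
        self.code = code

def service_url(request_url):
    """`service` = request URL minus `ticket` and fragment; must be identical at /login and /serviceValidate."""
    parts = urlsplit(request_url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != "ticket"]
    return urlunsplit(parts._replace(query=urlencode(query), fragment=""))

def login_redirect(login_url, service):
    return f"{login_url}?{urlencode({'service': service})}"

def validate_url(validate_base, service, ticket, pgt_callback=None):
    params = {"service": service, "ticket": ticket}
    if pgt_callback:  # request a PGT: CAS will call back this HTTPS URL with pgtIou and pgtId
        params["pgtUrl"] = pgt_callback
    return f"{validate_base}?{urlencode(params)}"

def parse_service_response(body):
    """Parse a /serviceValidate body into (user, pgtiou); raise CasValidationError on failure."""
    root = ET.fromstring(body)
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        raise CasValidationError("INVALID_RESPONSE", "not a cas:serviceResponse")
    failure = root.find(f"{{{CAS_NS}}}authenticationFailure")
    if failure is not None:
        raise CasValidationError(failure.get("code", "UNKNOWN"), (failure.text or "").strip())
    success = root.find(f"{{{CAS_NS}}}authenticationSuccess")
    user = success.findtext(f"{{{CAS_NS}}}user") if success is not None else None
    if not user:
        raise CasValidationError("INVALID_RESPONSE", "no cas:user in authenticationSuccess")
    return user, success.findtext(f"{{{CAS_NS}}}proxyGrantingTicket")

class CasFilter:
    """Per-request decision with the CASFilter's settings: loginUrl, validateUrl, proxy callback."""
    def __init__(self, login_url, validate_base, fetch, pgt_callback=None):
        for url in (login_url, validate_base):
            if urlsplit(url).scheme != "https":
                raise ValueError("CAS endpoints must be https; tickets would otherwise travel in clear")
        self.login_url, self.validate_base = login_url, validate_base
        self.fetch, self.pgt_callback = fetch, pgt_callback
        self.pgt_by_iou = {}  # PGTIOU -> PGT, filled out of band by the proxy callback

    def pgt_callback_received(self, pgt_iou, pgt_id):
        self.pgt_by_iou[pgt_iou] = pgt_id

    def handle(self, request_url, session):
        """Returns ("pass", user), ("redirect", url) or ("deny", reason)."""
        if "cas_user" in session:
            return "pass", session["cas_user"]
        service = service_url(request_url)
        ticket = dict(parse_qsl(urlsplit(request_url).query)).get("ticket")
        if ticket is None:
            return "redirect", login_redirect(self.login_url, service)
        if not TICKET_RE.match(ticket):
            return "deny", "MALFORMED_TICKET"
        try:
            user, pgtiou = parse_service_response(
                self.fetch(validate_url(self.validate_base, service, ticket, self.pgt_callback)))
        except CasValidationError as err:
            return "deny", err.code
        session["cas_user"] = user
        if pgtiou:  # keep the PGT, not the IOU: the PGT is what later /proxy requests need
            session["cas_pgt"] = self.pgt_by_iou.pop(pgtiou, None)
        return "pass", user

# Constructed stand-in for the CAS server: one ticket, single-use, bound to one service.
SERVICE = "https://app.example.test/partner/"
ISSUED = {"ST-1-constructed": SERVICE}
OK_XML = (f"<cas:serviceResponse xmlns:cas='{CAS_NS}'><cas:authenticationSuccess><cas:user>alice</cas:user>"
          "<cas:proxyGrantingTicket>PGTIOU-1-constructed</cas:proxyGrantingTicket>"
          "</cas:authenticationSuccess></cas:serviceResponse>")
FAIL_XML = (f"<cas:serviceResponse xmlns:cas='{CAS_NS}'><cas:authenticationFailure code='INVALID_TICKET'>"
            "ticket not recognized</cas:authenticationFailure></cas:serviceResponse>")

def fake_cas_server(url):
    q = dict(parse_qsl(urlsplit(url).query))
    return OK_XML if ISSUED.pop(q.get("ticket"), None) == q.get("service") else FAIL_XML

def demo():
    """Browser -> app (redirect) -> CAS -> app?ticket=ST-... -> validate -> pass; ticket replay denied."""
    flt = CasFilter("https://cas.example.test/cas/login", "https://cas.example.test/cas/serviceValidate",
                    fetch=fake_cas_server, pgt_callback="https://app.example.test/pgtCallback")
    session = {}
    first = flt.handle(SERVICE, session)                                 # no ticket: redirect to /login
    flt.pgt_callback_received("PGTIOU-1-constructed", "PGT-1-constructed")  # CAS posts pgtIou/pgtId
    second = flt.handle(SERVICE + "?ticket=ST-1-constructed", session)   # validated, session established
    third = flt.handle(SERVICE, session)                                 # session reused, no round trip
    replay = flt.handle(SERVICE + "?ticket=ST-1-constructed", {})        # same ticket, new session: denied
    return first, second, third, replay, session
```

Two things the filter config alone does not show: the service value must be the same bytes at /login and at /serviceValidate (which is why serverName matters in the Java filter), and a service ticket is single-use, so the replay at the end is refused by the server rather than by the client. The PGT never appears in the validation response; only its IOU does, and the client has to join the two itself.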
34. Agenda
What is SSO?
Survey of the main Open Source players
Head-to-Head Comparisons
Summary
Q&A
35. Head-to-Head Comparison
Retrofitting an existing application
• JOSSO
• No support for certain application servers
• Does provide a plugin infrastructure to facilitate
integration with other containers; you can base your
own plugin on existing samples
• OpenSSO
• can fit into a multitude of application servers because
of the availability of agents
• These agents include Apache, Sun Java System Web
Server, Microsoft IIS, Domino
36. Head-to-Head Comparison
Integration of non-Java applications
• JOSSO
• Uses web services for asserting user identity via SOAP
• Allows the integration of non-Java applications (e.g.
PHP, .NET etc.)
• CAS
• There are many client libraries to assist in “CASifying”
applications
• Examples include AuthCAS for Apache, a uPortal
client, a Java technology Client, a PHP client and a
Perl client
37. Head-to-Head Comparison
Customizability
• JOSSO
• If your application server is not supported, need to customize by
writing plugins
• CAS
• The basic deployment accepts only HTTPS
• Can be reconfigured to accept plain HTTP, but tickets and passwords
then cross the network in clear; keep HTTPS outside a test lab
• Look and feel of login pages can be changed
• Comes with pluggable authenticators to validate against LDAP
etc.
• OpenSSO
• Customizations can be done by writing Authentication modules
• Authentication User Interface JSP pages can be customized by
Realm, Locale, Client type or any Service of the SSO system
38. Head-to-Head Comparison
Ease of Deployment
• CAS
• Involves deploying CAS Server (downloadable as a pre-built WAR
file or can be customized) and a CAS client with each application
• JOSSO
• Involves Configuration of:
● Single Sign-On Gateway
● the Authenticator
● the Identity Manager
● the Session Manager
• OpenSSO
• Deployable as a WAR file
39. Head-to-Head Comparison
Authentication for non-browser-based clients
• CAS
• Has Proxy Authentication support
• OpenSSO
• Does not have out-of-the-box support for CAS-like
proxy authentication, however there are authentication
APIs available to build one
• JOSSO
• Comes with a Reverse Proxy component that can be
used to create n-tier Single Sign-On configurations
40. Head-to-Head Comparison
Support for web service security
• JOSSO
• Can be used to secure web services but is limited due
to the level of application server support
• CAS
• Supports web service security by protecting URLs
• OpenSSO
• Has started work related to web services security
41. Head-to-Head Comparison
Community support
• As all three are Open Source solutions, the
support is in the form of project websites,
community generated documentation, user
forums and mailing lists
• CAS, OpenSSO and JOSSO all have well
managed user groups
43. How to Choose
Which horse for which course …
• There are multiple factors to consider when deciding on the SSO
solution you need
• All three are Open Source solutions, so licensing issues are removed
• OpenSSO is a good choice if
• Using XML based file formats and language independent APIs is important
• Clustered environment support is required
• SSL mutual authentication is required
• You want to leverage all of the features of the Sun Java System Access Manager
• CAS is a good choice if
• You're using a Spring-based infrastructure with Acegi
• You're using simple database-based credential management
• JOSSO is a good choice if
• It supports your particular application server, otherwise additional development
effort will be required
44. Alternative Open Source Solutions
Some other horses to consider
• Atlassian Seraph
• http://opensource.atlassian.com/seraph
• Shibboleth
• http://shibboleth.internet2.edu
• CoSign
• http://www.umich.edu/~umweb/software/cosign
• Enterprise Sign-On Engine
• http://esoeproject.org/
45. For More Information
• OpenSSO Home Page
• https://opensso.dev.java.net/
• JOSSO Home Page
• http://www.josso.org/
• CAS Home Page
• http://www.ja-sig.org/products/cas/
• Wikipedia
• http://en.wikipedia.org/wiki/Single_sign-on
• SAML
• http://www.oasis-open.org/committees/tc_home.php?
wg_abbrev=security
• Acegi
• http://www.acegisecurity.org/