Code Robo
Virtual Service
Comparator
Tester
Converter
Utility
Java Code Complience
Validator
Formatter
EncoderDecoder
How To Implement SSO.
       Talk to EasyAssistant

This page demonstrate How To Implementation SSO..

Implementation of SSO is very common requirement for an Enterprise. Enterprise will have many web applications and they would like to access any of the application if user loged in once.
What is SSO:
Single sign-on (SSO) is an mechanism which allows user to access multiple applications by loging in once. Example. - ABC oraganization has 5 web application (App1, App2,...App5). All applications supports SSO. So if any user login to any of the application (e.g App3), he will be able to access other application(e.g. App5) without loging in further.

There is a difference between single-sign-on (SSO) and same-sign-on.
same-sign-on is about multiple application uses the same corporate directory (Active Director) to authenticate the user. So same userid works for all the applications. But all the application needs to do authentication before allowing access to any of it's resources (e.g page). Here authentication done by one application is not supported (accepted) by other other application.
Where as in case of SSO, if one application authenticate the user, other application do ask for re-authentication. Insted it uses(accept)

How SSO works
There are multiple way of SSO implementation. It varries from application server (e.g. Websphere, Weblogic, J-BOSS) to application server.
But all follow certion priciple.
To implement SSO, In generatl you need to have following software installed.
  • Identitiy Provider (idP)
  • Application Server (e.g. Websphere Application Server) which host the web applications
Identity Provider (idP) -Its a software which provide identity information for an user (principals). and authentication services to relying applications within distributed network.
Some well know idP are Oracle Access Management (OAM)
It authenticates user and issue token. In market, there are many idP product (s/w). Some well know idP are OIAM (Oracle Identity and Access Management).
Service Provider - Application Server (e.g. WAS) who host the application and provide service to end user.
Client - Who access the service provider (Browser).



SSO Setup in Websphere Application Server (WAS)
We will discuss here how to setup SSO for web applications hosted in WAS.
Following steps are required to to enbale SSO for applications hosted in WebSphere Application Serv3er(WAS)
  1. SAML Assertion Consumer Service (Installation Guide())
  2. Setup SAML Trust Association Interceptors in Websphere adim consoleSetup Guide
  3. Setup Administrative Security in admin console
    • Log on to the WebSphere Application Server administrative console.
    • Go to Security > Global Security
    • Click Security Configuration Wizard and follow the steps to create a administrative user. We have created a user named admin.
    • Do not enable java 2 security
  4. Set Identity Provider in WAS admin console (setupInsatallation guide)
  5. Add IdP realms to the list of inbound trusted realms(Installation Guide).
  6. Custom Jars for SP Initiated SSO and User Mapping Interface
    • SP Initiated SSO
    • User Mapping Implementation
  7. Registering Your Web application with idp
  8. Enable Single Sign On feature your web application.
  9. Security Constraint in Web.xml - Add your security constraint in web.xml

Other Documents
1.SAML SSO in WebSphere Application Server Network Deployment
2.Troubleshoot SAML SSO in WebSphere
-


Post Your Comment:
Name :
Email ( Optional) :
Comments / Suggestion (* Required) It is required: :
: