Spring Security 3: Secure your web applications against malicious intruders with this easy-to-follow practical guide
Spring Security 3. Secure your web applications against malicious intruders with this easy-to-follow practical guide. Peter Mularien. Open source community experience distilled. PUBLISHING, Birmingham - Mumbai.
Table of Contents

Preface

Chapter 1: Anatomy of an Unsafe Application
- Security audit
- About the sample application
- The JBCP pets application architecture
- Application technology
- Reviewing the audit results
- Authentication
- Authorization
- Database Credential Security
- Sensitive Information
- Transport-Level Protection
- Using Spring Security 3 to address security concerns
- Why Spring Security?
- Summary

Chapter 2: Getting Started with Spring Security
- Core security concepts
- Authentication
- Authorization
- Securing our application in three easy steps
- Implementing a Spring Security XML configuration file
- Adding the Spring DelegatingFilterProxy to your web.xml file
- Adding the Spring Security XML configuration file reference to web.xml
- Mind the gaps!
- Common problems
- Security is complicated: The architecture of secured web requests
- How requests are processed?
- What does auto-config do behind the scenes?
- How users are authenticated?
- What is spring_security_login and how did we get here?
- Where do the user's credentials get validated?
- When good authentication goes bad?
- How requests are authorized?
- Configuration of access decision aggregation
- Access configuration using spring expression language
- Summary

Chapter 3: Enhancing the User Experience
- Customizing the login page
- Implementing a custom login page
- Implementing the login controller
- Adding the login JSP
- Configuring Spring Security to use our Spring MVC login page
- Understanding logout functionality
- Adding a Log Out link to the site header
- How logout works
- Changing the logout URL
- Logout configuration directives
- Remember me
- Implementing the remember me option
- How remember me works
- Remember me and the user lifecycle
- Remember me configuration directives
- Is remember me secure?
- Authorization rules differentiating remembered and fully authenticated sessions
- Building an IP-aware remember me service
- Customizing the remember me signature
- Implementing password change management
- Extending the in-memory credential store to support password change
- Extending InMemoryDaoImpl with InMemoryChangePasswordDaoImpl
- Configuring Spring Security to use InMemoryChangePasswordDaoImpl
- Building a change password page
- Adding a change password handler to AccountController
- Exercise notes
- Summary

Chapter 4: Securing Credential Storage
- Database-backed authentication with Spring Security
- Configuring a database-resident authentication store
- Creating the default Spring Security schema
- Configuring the HSQL embedded database
- Configuring JdbcDaoImpl authentication store
- Adding user definitions to the schema
- How database-backed authentication works
- Implementing a custom JDBC UserDetailsService
- Creating a custom JDBC UserDetailsService class
- Adding a Spring Bean declaration for the custom UserDetailsService
- Out of the box JDBC-based user management
- Advanced configuration of JdbcDaoImpl
- Configuring group-based authorization
- Configuring JdbcDaoImpl to use groups
- Modifying the initial load SQL script
- Modifying the embedded database creation declaration
- Using a legacy or custom schema with database-resident authentication
- Determining the correct JDBC SQL queries
- Configuring the JdbcDaoImpl to use custom SQL queries
- Configuring secure passwords
- Configuring password encoding
- Configuring the PasswordEncoder
- Configuring the AuthenticationProvider
- Writing the database bootstrap password encoder
- Configuring the bootstrap password encoder
- Would you like some salt with that password?
- Configuring a salted password
- Declaring the SaltSource Spring bean
- Wiring the PasswordEncoder to the SaltSource
- Augmenting DatabasePasswordSecurerBean
- Enhancing the change password functionality
- Configuring a custom salt source
- Extending the database schema
- Tweaking configuration of the CustomJdbcDaoImpl UserDetails service
- Overriding the baseline UserDetails implementation
- Extending the functionality of CustomJdbcDaoImpl
- Moving remember me to the database
- Configuring database-resident remember me tokens
- Adding SQL to create the remember me schema
- Adding new SQL script to the embedded database declaration
- Configuring remember me services to persist to the database
- Are database-backed persistent tokens more secure?
- Securing your site with SSL
- Setting up Apache Tomcat for SSL
- Generating a server key store
- Configuring Tomcat's SSL Connector
- Automatically securing portions of the site
- Secure port mapping
- Summary

Chapter 5: Fine-Grained Access Control
- Re-thinking application functionality and security
- Planning for application security
- Planning user roles
- Planning page-level security
- Methods of Fine-Grained authorization
- Using Spring Security Tag Library to conditionally render content
- Conditional rendering based on URL access rules
- Conditional rendering based on Spring EL Expressions
- Conditionally rendering the Spring Security 2 way
- Using controller logic to conditionally render content
- Adding conditional display of the Log In link
- Populating model data based on user credentials
- What is the best way to configure in-page authorization?
- Securing the business tier
- The basics of securing business methods
- method annotation
- Instructing Spring Security to use method annotations
- Validating method security
- Several flavors of method security
- JSR-250 compliant standardized rules
- Method security using Spring's Secured annotation
- Method security rules using Aspect Oriented Programming
- Comparing method authorization types
- How does method security work?
- Advanced method security
- Method security rules using bean decorators
- Method security rules incorporating method parameters
- How method parameter binding works
- Securing method data through Role-based filtering
- Adding Role-based data filtering
- Pre-filtering collections with
- Why use at all?
- A fair warning about method security
- Summary

Chapter 6: Advanced Configuration and Extension
- Writing a custom security filter
- IP filtering at the servlet filter level
- Writing our custom servlet filter
- Configuring the IP servlet filter
- Adding the IP servlet filter to the Spring Security filter chain
- Writing a custom Authentication Provider
- Implementing simple single sign-on with an AuthenticationProvider
- Customizing the authentication token
- Writing the request header processing servlet filter
- Writing the request header AuthenticationProvider
- Combining AuthenticationProviders
- Simulating single sign-on with request headers
- Considerations when writing a custom AuthenticationProvider
- Session management and concurrency
- Configuring session fixation protection
- Understanding session fixation attacks
- Preventing session fixation attacks with Spring Security
- Simulating a session fixation attack
- Comparing session-fixation-protection options
- Enhancing user protection with concurrent session control
- Configuring concurrent session control
- Understanding concurrent session control
- Testing concurrent session control
- Configuring expired session redirect
- Other benefits of concurrent session control
- Displaying a count of active users
- Displaying information about all users
- Understanding and configuring exception handling
- Configuring "Access Denied" handling
- Configuring an "Access Denied" destination URL
- Adding controller handling of AccessDeniedException
- Writing the Access Denied page
- What causes an AccessDeniedException
- The importance of the AuthenticationEntryPoint
- Configuring Spring Security infrastructure beans manually
- A high level overview of Spring Security bean dependencies
- Reconfiguring the web application
- Configuring a minimal Spring Security environment
- Configuring a minimal servlet filter set
- Configuring a minimal supporting object set
- Advanced Spring Security bean-based configuration
- Adjusting factors related to session lifecycle
- Manual configuration of other common services
- Declaring remaining missing filters
- LogoutFilter
- RememberMeAuthenticationFilter
- ExceptionTranslationFilter
- Explicit configuration of the SpEL expression evaluator and Voter
- Bean-based configuration of method security
- Wrapping up explicit configuration
- Which type of configuration should I choose?
- Authentication event handling
- Configuring an authentication event listener
- Declaring required bean dependencies
- Building a custom application event listener
- Out of the box ApplicationListeners
- Multitudes of application events
- Building a custom implementation of an SpEL expression handler
- Summary

Chapter 7: Access Control Lists
- Using Access Control Lists for business object security
- Access Control Lists in Spring Security
- Basic configuration of Spring Security ACL support
- Defining a simple target scenario
- Adding ACL tables to the HSQL database
- Configuring the Access Decision Manager
- Configuring supporting ACL beans
- Creating a simple ACL entry
- Advanced ACL topics
- How permissions work
- Custom ACL permission declaration
- ACL-Enabling your JSPs with the Spring Security JSP tag library
- Spring Expression Language support for ACLs
- Mutable ACLs and authorization
- Configuring a Spring transaction manager
- Interacting with the JdbcMutableAclService
- Ehcache ACL caching
- Configuring Ehcache ACL caching
- How Spring ACL uses Ehcache
- Considerations for a typical ACL deployment
- About ACL scalability and performance modelling
- Do not discount custom development costs
- Should I use Spring Security ACL?
- Summary

Chapter 8: Opening up to OpenID
- The promising world of OpenID
- Signing up for an OpenID
- Enabling OpenID authentication with Spring Security
- Writing an OpenID login form
- Configuring OpenID support in Spring Security
- Adding OpenID users
- The OpenID user registration problem
- How OpenID identifiers are resolved
- Implementing user registration with OpenID
- Adding the OpenID registration option
- Differentiating between a login and registration request
- Configuring a custom authentication failure handler
- Adding the OpenID registration functionality to the controller
- Attribute Exchange
- Enabling AX in Spring Security OpenID
- Real-world AX support and limitations
- Google OpenID support
- Is OpenID secure?
- Summary

Chapter 9: LDAP Directory Services
- Understanding LDAP
- LDAP
- Common LDAP attribute names
- Running an embedded LDAP server
- Configuring basic LDAP integration
- Configuring an LDAP server reference
- Enabling the LDAP AuthenticationProvider
- Troubleshooting embedded LDAP
- Understanding how Spring LDAP authentication works
- Authenticating user credentials
- Determining user role membership
- Mapping additional attributes of UserDetails
- Advanced LDAP configuration
- Sample JBCP LDAP users
- Password comparison versus Bind authentication
- Configuring basic password comparison
- LDAP password encoding and storage
- The drawbacks of a Password Comparison Authenticator
- Configuring the UserDetailsContextMapper
- Implicit configuration of a UserDetailsContextMapper
- Viewing additional user details
- Using an alternate password attribute
- Using LDAP as a UserDetailsService
- Notes about remember me with an LDAP UserDetailsService
- Configuration for an In-Memory remember me service
- Integrating with an external LDAP server
- Explicit LDAP bean configuration
- Configuring an external LDAP server reference
- Configuring an LdapAuthenticationProvider
- Integrating with Microsoft Active Directory via LDAP
- Delegating role discovery to a UserDetailsService
- Summary

Chapter 10: Single Sign On with Central Authentication Service
- Introducing Central Authentication Service
- High level CAS authentication flow
- Spring Security and CAS
- CAS installation and configuration
- Configuring basic CAS integration
- Adding the CasAuthenticationEntryPoint
- Enabling CAS ticket verification
- Proving authenticity with the CasAuthenticationProvider
- Advanced CAS configuration
- Retrieval of attributes from CAS assertion
- How CAS internal authentication works
- Configuring CAS to connect to our embedded LDAP server
- Getting UserDetails from a CAS assertion
- Examining the CAS assertion
- Mapping LDAP attributes to CAS attributes
- Finally, returning the attributes in the CAS assertion
- Alternative Ticket authentication using SAML
- How is Attribute Retrieval useful?
- Additional CAS capabilities
- Summary

Chapter 11: Client Certificate Authentication
- How Client Certificate authentication works
- Setting up a Client Certificate authentication infrastructure
- Understanding the purpose of a public key infrastructure
- Creating a client certificate key pair
- Configuring the Tomcat trust store
- Importing the certificate key pair into a browser
- Using Firefox
- Using Internet Explorer
- Wrapping up testing
- Troubleshooting Client Certificate authentication
- Configuring Client Certificate authentication in Spring Security
- Configuring Client Certificate authentication using the security namespace
- How Spring Security uses certificate information
- How Spring Security certificate authentication works
- Other loose ends
- Supporting Dual-Mode authentication
- Configuring Client Certificate authentication using Spring Beans
- Additional capabilities of bean-based configuration
- Considerations when implementing Client Certificate authentication
- Summary

Chapter 12: Spring Security Extensions
- Spring Security Extensions
- A primer on Kerberos and SPNEGO authentication
- Kerberos authentication in Spring Security
- Overall Kerberos Spring Security authentication flow
- Getting prepared
- Assumptions for our examples
- Creating a keytab file
- Configuring Kerberos-related Spring beans
- Wiring SPNEGO beans to the security namespace
- Adding the Application Server machine to a Kerberos realm
- Special considerations for Firefox users
- Troubleshooting
- Verifying connectivity with standard tools
- Enabling Java GSS-API debugging
- Other troubleshooting steps
- Configuring LDAP UserDetailsService with Kerberos
- Using form login with Kerberos
- Summary

Chapter 13: Migration to Spring Security
- Migrating from Spring Security
- Enhancements in Spring Security
- Changes to configuration in Spring Security
- Rearranged AuthenticationManager configuration
- New configuration syntax for session management options
- Changes to custom filter configuration
- Changes to CustomAfterInvocationProvider
- Minor configuration changes
- Changes to packages and classes
- Summary

Appendix: Additional Reference Material
- Getting started with JBCP Pets sample code
- Available application events
- Spring Security virtual URLs
- Method security explicit bean configuration
- Logical filter names migration reference

Index
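The three-step setup listed under Chapter 2 (a Spring Security XML configuration file, the DelegatingFilterProxy in web.xml, and the reference to that configuration file from web.xml), shown together with the session fixation protection and concurrent session control that Chapter 6 lists. This is an added example written for this page, not code from the book or from its JBCP Pets sample application. It uses the Spring Security 3.0 namespace; the file name applicationContext-security.xml, the URL patterns, the role names and the in-memory user are assumptions chosen for illustration, and the two files are shown in one block separated by comments.

```xml
<!-- File 1 (assumed path): WEB-INF/web.xml, covering steps 2 and 3 -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">

  <!-- Step 3: the root application context loads the security configuration.
       The file name is an assumption for this example. -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext-security.xml</param-value>
  </context-param>
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <!-- Step 2: a single servlet filter that delegates every request to the
       Spring-managed filter chain. The filter name is NOT arbitrary: by default
       DelegatingFilterProxy looks up a bean with exactly this name, and the
       <http> element in the security configuration registers that bean. -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <!-- map it to everything; a narrower pattern leaves unprotected URLs -->
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>

<!-- File 2 (assumed path): WEB-INF/applicationContext-security.xml, covering step 1 -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <!-- auto-config="true" wires form login (the generated /spring_security_login
       page), HTTP Basic and logout. intercept-url rules are evaluated top to
       bottom and the first match wins, so the specific /admin/** rule must come
       before the catch-all /** rule; the catch-all is what closes the gap for
       every URL that is not listed explicitly. Role names are assumptions. -->
  <http auto-config="true" use-expressions="true">
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

    <!-- Session fixation protection: on successful login the pre-login session
         is migrated to a fresh session id, so an id planted by an attacker before
         authentication never becomes an authenticated session. Concurrency
         control rejects a second concurrent login for the same user. -->
    <session-management session-fixation-protection="migrateSession">
      <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
    </session-management>
  </http>

  <!-- A single in-memory user so the application starts; the clear-text
       password is only acceptable for a first run. The password encoding and
       salting topics listed under Chapter 4 replace this with a hashed,
       database-backed store. -->
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="admin" password="admin" authorities="ROLE_USER,ROLE_ADMIN" />
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>
```

A quick check after deploying: the filter name in web.xml and the bean name Spring Security registers must agree. If they do not, the DelegatingFilterProxy fails with a missing-bean error for springSecurityFilterChain rather than silently passing requests through, which is the safer failure mode. Conversely, a filter-mapping narrower than /* fails open: requests outside the mapped pattern never reach the filter chain and are served without any access decision.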
Spring Security 3. http://www.springsource.com/download/community?project=spring%20security
Spring Security 3 1. Introduction http://www.springsource.com/download/community?project=spring%20security 2. Security Namespace Configuration Web.xml configuration: springsecurityfilterchain
More informationOpenAM. 1 open source 1 community experience distilled. Single Sign-On (SSO) tool for securing your web. applications in a fast and easy way
OpenAM Written and tested with OpenAM Snapshot 9 the Single Sign-On (SSO) tool for securing your web applications in a fast and easy way Indira Thangasamy [ PUBLISHING 1 open source 1 community experience
More informationJVA-122. Secure Java Web Development
JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard
More informationMastering Tomcat Development
hep/ Mastering Tomcat Development Ian McFarland Peter Harrison '. \ Wiley Publishing, Inc. ' Part I Chapter 1 Chapter 2 Acknowledgments About the Author Introduction Tomcat Configuration and Management
More informationSingle Sign-on (SSO) technologies for the Domino Web Server
Single Sign-on (SSO) technologies for the Domino Web Server Jane Marcus December 7, 2011 2011 IBM Corporation Welcome Participant Passcode: 4297643 2011 IBM Corporation 2 Agenda USA Toll Free (866) 803-2145
More informationIdentity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE
Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication
More informationFrom centralized to single sign on
The LemonLDAP::NG project Abstract LemonLDAP::NG is a modular WebSSO (Web Single Sign On) software based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the
More informationComplete Java Web Development
Complete Java Web Development JAVA-WD Rev 11.14 4 days Description Complete Java Web Development is a crash course in developing cutting edge Web applications using the latest Java EE 6 technologies from
More informationCopyright 2014 Jaspersoft Corporation. All rights reserved. Printed in the U.S.A. Jaspersoft, the Jaspersoft
5.6 Copyright 2014 Jaspersoft Corporation. All rights reserved. Printed in the U.S.A. Jaspersoft, the Jaspersoft logo, Jaspersoft ireport Designer, JasperReports Library, JasperReports Server, Jaspersoft
More informationGlassFish Security. open source community experience distilled. security measures. Secure your GlassFish installation, Web applications,
GlassFish Security Secure your GlassFish installation, Web applications, EJB applications, application client module, and Web Services using Java EE and GlassFish security measures Masoud Kalali PUBLISHING
More informationWhite Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution
White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution Federation and Attribute Based Access Control Page 2 Realization of the IAM (R)evolution Executive Summary Many organizations
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationCrawl Proxy Installation and Configuration Guide
Crawl Proxy Installation and Configuration Guide Google Enterprise EMEA Google Search Appliance is able to natively crawl secure content coming from multiple sources using for instance the following main
More informationTIBCO Spotfire Platform IT Brief
Platform IT Brief This IT brief outlines features of the system: Communication security, load balancing and failover, authentication options, and recommended practices for licenses and access. It primarily
More informationSafewhere*Identify 3.4. Release Notes
Safewhere*Identify 3.4 Release Notes Safewhere*identify is a new kind of user identification and administration service providing for externalized and seamless authentication and authorization across organizations.
More information<Insert Picture Here> Hudson Security Architecture. Winston Prakash. Click to edit Master subtitle style
Hudson Security Architecture Click to edit Master subtitle style Winston Prakash Hudson Security Architecture Hudson provides a security mechanism which allows Hudson Administrators
More informationSingle Sign-On Implementation Guide
Salesforce.com: Salesforce Winter '09 Single Sign-On Implementation Guide Copyright 2000-2008 salesforce.com, inc. All rights reserved. Salesforce.com and the no software logo are registered trademarks,
More informationA (re)introduction to Spring Security
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security What s coming in Spring Security 3 Before Spring Security There was...
More informationSpring Security SAML module
Spring Security SAML module Author: Vladimir Schäfer E-mail: vladimir.schafer@gmail.com Copyright 2009 The package contains the implementation of SAML v2.0 support for Spring Security framework. Following
More informationNicholas S. Williams. wrox. A Wiley Brand
Nicholas S. Williams A wrox A Wiley Brand CHAPTER 1; INTRODUCING JAVA PLATFORM, ENTERPRISE EDITION 3 A Timeline of Java Platforms 3 In the Beginning 4 The Birth of Enterprise Java 5 Java SE and Java EE
More informationThis chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections:
CHAPTER 1 SAML Single Sign-On This chapter describes how to use the Junos Pulse Secure Access Service in a SAML single sign-on deployment. It includes the following sections: Junos Pulse Secure Access
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationIdentity Server Guide Access Manager 4.0
Identity Server Guide Access Manager 4.0 June 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF
More informationTIBCO Spotfire Web Player 6.0. Installation and Configuration Manual
TIBCO Spotfire Web Player 6.0 Installation and Configuration Manual Revision date: 12 November 2013 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED
More informationImplementation Guide SAP NetWeaver Identity Management Identity Provider
Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before
More informationAccess Gateway Guide Access Manager 4.0 SP1
Access Gateway Guide Access Manager 4.0 SP1 May 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS
More informationAmeritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines
Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...
More informationAlfresco. Wiley Publishing, Inc. PROFESSIONAL. PRACTICAL SOLUTIONS FOR ENTERPRISE. John Newton CONTENT MANAGEMENT. Michael Farman Michael G.
PROFESSIONAL. Alfresco PRACTICAL SOLUTIONS FOR ENTERPRISE CONTENT MANAGEMENT David Caruana John Newton Michael Farman Michael G. Uzquiano Kevin Roast WILEY Wiley Publishing, Inc. INTRODUCTION xxix CHAPTER
More informationStreamServe Persuasion SP5 StreamStudio
StreamServe Persuasion SP5 StreamStudio Administrator s Guide Rev B StreamServe Persuasion SP5 StreamStudio Administrator s Guide Rev B OPEN TEXT CORPORATION ALL RIGHTS RESERVED United States and other
More informationWebLogic Server 7.0 Single Sign-On: An Overview
WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of
More informationShibboleth Identity Provider (IdP) Sebastian Rieger sebastian.rieger@gwdg.de
Shibboleth Identity Provider (IdP) Sebastian Rieger sebastian.rieger@gwdg.de Gesellschaft für wissenschaftliche Datenverarbeitung mbh Göttingen, Germany CLARIN AAI Hands On Workshop, 25.02.2009, Oxford
More informationUser-ID Best Practices
User-ID Best Practices PAN-OS 5.0, 5.1, 6.0 Revision A 2011, Palo Alto Networks, Inc. www.paloaltonetworks.com Table of Contents PAN-OS User-ID Functions... 3 User / Group Enumeration... 3 Using LDAP Servers
More informationIBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide
IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices
More informationApplication Security. Petr Křemen. petr.kremen@fel.cvut.cz
Application Security Petr Křemen petr.kremen@fel.cvut.cz What is application security? Security is a set of measures that So, what can happen? taken from [7] first half of 2013 Let's focus on application
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationBuilding Web Applications, Servlets, JSP and JDBC
Building Web Applications, Servlets, JSP and JDBC Overview Java 2 Enterprise Edition (JEE) is a powerful platform for building web applications. The JEE platform offers all the advantages of developing
More informationHow to Configure Captive Portal
How to Configure Captive Portal Captive portal is one of the user identification methods available on the Palo Alto Networks firewall. Unknown users sending HTTP or HTTPS 1 traffic will be authenticated,
More informationArchitecture Guidelines Application Security
Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation
More informationLDAP Authentication and Authorization
LDAP Authentication and Authorization What is LDAP Authentication? Today, the network can include elements such as LANs, WANs, an intranet, and the Internet. Many enterprises have turned to centralized
More informationEnsure that your environment meets the requirements. Provision the OpenAM server in Active Directory, then generate keytab files.
This chapter provides information about the feature which allows end users to log into a Windows client machine on a Windows domain, then use certain Cisco Unified Communications Manager applications without
More informationAn Advanced Fallback Authentication Framework for SAS 9.4 and SAS Visual Analytics
Paper SAS102-2014 An Advanced Fallback Authentication Framework for SAS 9.4 and SAS Visual Analytics Zhiyong Li, SAS Institute; Mike Roda, SAS Institute ABSTRACT SAS 9.4 and SAS Visual Analytics (VA) support
More informationInstallation and Configuration Guide
Entrust Managed Services PKI Auto-enrollment Server 7.0 Installation and Configuration Guide Document issue: 1.0 Date of Issue: July 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark
More informationGrails 1.1. Web Application. Development. Reclaiming Productivity for Faster. Java Web Development. Jon Dickinson PUBLISHING J MUMBAI BIRMINGHAM
Grails 1.1 Development Web Application Reclaiming Productivity for Faster Java Web Development Jon Dickinson PUBLISHING J BIRMINGHAM - MUMBAI Preface Chapter 1: Getting Started with Grails 7 Why Grails?
More informationCustomer Bank Account Management System Technical Specification Document
Customer Bank Account Management System Technical Specification Document Technical Specification Document Page 1 of 15 Table of Contents Contents 1 Introduction 3 2 Design Overview 4 3 Topology Diagram.6
More informationDeveloping ASP.NET MVC 4 Web Applications MOC 20486
Developing ASP.NET MVC 4 Web Applications MOC 20486 Course Outline Module 1: Exploring ASP.NET MVC 4 The goal of this module is to outline to the students the components of the Microsoft Web Technologies
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?
More informationAdvanced OpenEdge REST/Mobile Security
Advanced OpenEdge REST/Mobile Security Securing your OpenEdge Web applications Michael Jacobs August 2013 Legal Disclaimer The contents of these materials are confidential information of Progress Software
More informationPierce County IT Department GIS Division Xuejin Ruan Dan King
Pierce County IT Department GIS Division Xuejin Ruan Dan King Web Application Work Flow Main Topics Authentication Authorization Session Management * Concurrent Session Management * Session Timeout Single
More informationSingle Sign On. SSO & ID Management for Web and Mobile Applications
Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing
More informationAPI-Security Gateway Dirk Krafzig
API-Security Gateway Dirk Krafzig Intro Digital transformation accelerates application integration needs Dramatically increasing number of integration points Speed Security Industrial robustness Increasing
More informationIBM WebSphere Server Administration
IBM WebSphere Server Administration This course teaches the administration and deployment of web applications in the IBM WebSphere Application Server. Duration 24 hours Course Objectives Upon completion
More informationWeb Application Security Assessment and Vulnerability Mitigation Tests
White paper BMC Remedy Action Request System 7.6.04 Web Application Security Assessment and Vulnerability Mitigation Tests January 2011 www.bmc.com Contacting BMC Software You can access the BMC Software
More informationDeveloping ASP.NET MVC 4 Web Applications
Course M20486 5 Day(s) 30:00 Hours Developing ASP.NET MVC 4 Web Applications Introduction In this course, students will learn to develop advanced ASP.NET MVC applications using.net Framework 4.5 tools
More informationUPGRADING TO XI 3.1 SP6 AND SINGLE SIGN ON. Chad Watson Sr. Business Intelligence Developer
UPGRADING TO XI 3.1 SP6 AND SINGLE SIGN ON Chad Watson Sr. Business Intelligence Developer UPGRADING TO XI 3.1 SP6 What Business Objects Administrators should consider before installing a Service Pack.
More informationWebSphere Training Outline
WEBSPHERE TRAINING WebSphere Training Outline WebSphere Platform Overview o WebSphere Product Categories o WebSphere Development, Presentation, Integration and Deployment Tools o WebSphere Application
More informationSpring Security. Reference Documentation. 2.0.x. Copyright 2005-2007
Spring Security Reference Documentation 2.0.x Copyright 2005-2007 Preface... vi I. Getting Started... 1 1. Introduction... 2 1.1. What is Spring Security?... 2 1.2. History... 3 1.3. Release Numbering...
Tableau Server Security. Version 8.0
Version 8.0 Author: Marc Rueter Senior Director, Strategic Solutions, Tableau Software June 2013 p2 Today's enterprise class systems need to provide robust security in order to meet the varied and dynamic
Implementing CAS. Adam Rybicki. 2010 Jasig Conference, San Diego, CA March 7, 2010
Implementing CAS Adam Rybicki 2010 Jasig Conference, San Diego, CA March 7, 2010 Copyright Unicon, Inc., 2009. This work is the intellectual property of Unicon, Inc. Permission is granted for this material
Copyright: WhosOnLocation Limited
How SSO Works in WhosOnLocation About Single Sign-on By default, your administrators and users are authenticated and logged in using WhosOnLocation's user authentication. You can however bypass this and
SCAS: AN IMPROVED SINGLE SIGN-ON MODEL BASE ON CAS
SCAS: AN IMPROVED SINGLE SIGN-ON MODEL BASE ON CAS 1,2 XIANG LIYUN, 1 FANG ZHIYI, 1 SUN HONGYU 1 College of Computer Science and Technology, Jilin University, Changchun, China 2 Department of Computer
Leverage Active Directory with Kerberos to Eliminate HTTP Password
Leverage Active Directory with Kerberos to Eliminate HTTP Password PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 603.546.2309 E-mail: salesteam@pistolstar.com Website: www.pistolstar.com
SAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
Tomcat 5 New Features
Tomcat 5 New Features ApacheCon US 2003 Session MO10 11/17/2003 16:00-17:00 Craig R. McClanahan Senior Staff Engineer Sun Microsystems, Inc. Slides: http://www.apache.org/~craigmcc/ Agenda Introduction
PingFederate. IWA Integration Kit. User Guide. Version 3.0
PingFederate IWA Integration Kit Version 3.0 User Guide 2012 Ping Identity Corporation. All rights reserved. PingFederate IWA Integration Kit User Guide Version 3.0 April, 2012 Ping Identity Corporation
entries_inheriting, 208
Index A AbstractSecurityInterceptor, 31 AbstractSecurityInterceptor s beforeinvocation method, 122 Access Control Entry (ACE), 207 Access control lists (ACLs) accessing secured objects AclEntryVoter(s),
Getting Started with AD/LDAP SSO
Getting Started with AD/LDAP SSO Active Directory and LDAP single sign-on (SSO) with Syncplicity Business Edition accounts allows companies of any size to leverage their existing corporate directories
DEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5
DEPLOYMENT GUIDE Version 1.1 Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5 Table of Contents Table of Contents Deploying the BIG-IP system v10 with Citrix Presentation Server Prerequisites
OPENIAM ACCESS MANAGER. Web Access Management made Easy
OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access
CHAPTER 1 - JAVA EE OVERVIEW FOR ADMINISTRATORS
CHAPTER 1 - JAVA EE OVERVIEW FOR ADMINISTRATORS Java EE Components Java EE Vendor Specifications Containers Java EE Blueprint Services JDBC Data Sources Java Naming and Directory Interface Java Message
Unlocking the Secrets of Alfresco Authentication. Mehdi Belmekki, Consultancy Team, Alfresco
Unlocking the Secrets of Alfresco Authentication Mehdi Belmekki, Consultancy Team, Alfresco. Agenda: Introduction, Talk objectives, Repository Authentication, Share Authentication, External Authentication
Setup Guide Access Manager 3.2 SP3
Setup Guide Access Manager 3.2 SP3 August 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE
VMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.
Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,
NetIQ Identity Manager Setup Guide
NetIQ Identity Manager Setup Guide July 2015 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE
Oracle WebLogic Server 11g Administration
Oracle WebLogic Server 11g Administration This course is designed to provide instruction and hands-on practice in installing and configuring Oracle WebLogic Server 11g. These tasks include starting and
Microsoft Active Directory Oracle Enterprise Gateway Integration Guide
An Oracle White Paper May 2011 Microsoft Active Directory Oracle Enterprise Gateway Integration Guide 1/33 Disclaimer The following is intended to outline our general product direction. It is intended
LDAP and Integrated Technologies: A Simple Primer Brian Kowalczyk, Kowal Computer Solutions Inc., IL Richard Kerwin, R.K. Consulting Inc.
LDAP and Integrated Technologies: A Simple Primer Brian Kowalczyk, Kowal Computer Solutions Inc., IL Richard Kerwin, R.K. Consulting Inc., IL ABSTRACT SAS Integration Technologies and LDAP(Lightweight
CA Adapter. Installation and Configuration Guide for Windows. r2.2.9
CA Adapter Installation and Configuration Guide for Windows r2.2.9 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
User Identification (User-ID) Tips and Best Practices
User Identification (User-ID) Tips and Best Practices Nick Piagentini Palo Alto Networks www.paloaltonetworks.com Table of Contents PAN-OS 4.0 User ID Functions... 3 User / Group Enumeration... 3 Using
CatDV Pro Workgroup Server
Architectural Overview CatDV Pro Workgroup Server Square Box Systems Ltd May 2003 The CatDV Pro client application is a standalone desktop application, providing video logging and media cataloging capability
GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK
Antti Pyykkö, Mikko Malinen, Oskari Miettinen GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK TJTSE54 Assignment 29.4.2008 Jyväskylä University Department of Computer Science
Course Name: Course in JSP Course Code: P5
Course Name: Course in JSP Course Code: P5 Address: Sh No BSH 1,2,3 Almedia residency, Xetia Waddo Duler Mapusa Goa E-mail Id: ITKP@3i-infotech.com Tel: (0832) 2465556 (0832) 6454066 Course Code: P5 3i
Windows Security and Directory Services for UNIX using Centrify DirectControl
SOLUTION GUIDE CENTRIFY CORP. SEPTEMBER 2005 Windows Security and Directory Services for UNIX using Centrify DirectControl With Centrify, you can now fully leverage your investment in Active Directory
WebSphere Server Administration Course
WebSphere Server Administration Course Chapter 1. Java EE and WebSphere Overview Goals of Enterprise Applications What is Java? What is Java EE? The Java EE Specifications Role of Application Server What
Server based signature service. Overview
1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...
Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001
Securing access to Citrix applications using Citrix Secure Gateway and SafeWord PremierAccess App Note December 2001 DISCLAIMER: This White Paper contains Secure Computing Corporation product performance
SSO Plugin. Release notes. J System Solutions. http://www.javasystemsolutions.com Version 3.6
SSO Plugin Release notes J System Solutions Version 3.6 JSS SSO Plugin v3.6 Release notes What's new... 3 Improved Integrated Windows Authentication... 3 BMC ITSM self service... 3 Improved BMC ITSM Incident
Using weblock's Servlet Filters for Application-Level Security
Using weblock's Servlet Filters for Application-Level Security September 2006 www.2ab.com Introduction Access management is a simple concept. Every business has information that needs to be protected from
Unified Access for Enterprise Users
Unified Access for Enterprise Users Informational webinar Chinmay Meghani Liferay Portal Specialist Fulcrum Worldwide, Inc. Mehria Askaryar Business Development Manager Fulcrum Worldwide, Inc. Agenda Introduction
Securing WebFOCUS A Primer. Bob Hoffman Information Builders
Securing WebFOCUS A Primer Bob Hoffman Information Builders 1 Agenda Gain an understanding of the WebFOCUS Architecture Where can security be implemented? Review the internal WebFOCUS repository and resource
Building Secure Applications. James Tedrick
Building Secure Applications James Tedrick What We re Covering Today: Accessing ArcGIS Resources ArcGIS Web App Topics covered: Using Token endpoints Using OAuth/SAML User login App login Portal ArcGIS
Secure the Web: OpenSSO
Secure the Web: OpenSSO Sang Shin, Technology Architect Sun Microsystems, Inc. javapassion.com Pat Patterson, Principal Engineer Sun Microsystems, Inc. blogs.sun.com/superpat 1 Agenda Need for identity-based
InfoRouter LDAP Authentication Web Service documentation for inforouter Versions 7.5.x & 8.x
InfoRouter LDAP Authentication Web Service documentation for inforouter Versions 7.5.x & 8.x Active Innovations, Inc. Copyright 1998 2015 www.inforouter.com Installing the LDAP Authentication Web Service
Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER
Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER Table of Contents Introduction.... 3 Requirements.... 3 Horizon Workspace Components.... 3 SAML 2.0 Standard.... 3 Authentication
APPLICATION SECURITY ENHANCEMENTS IN JAVA EE 6
APPLICATION SECURITY ENHANCEMENTS IN JAVA EE 6 SRINI PENCHIKALA Austin Java User Group Meeting October 26, 2010 ABOUT THE SPEAKER Security Architect Certified Scrum Master Author, Editor (InfoQ) IASA Austin
Reference Documentation
Reference Documentation 1.0.0 RC 1 Copyright (c) 2004 - Ben Alex Table of Contents Preface... iv 1. Security... 1 1.1. Before You Begin... 1 1.2. Introduction... 1 1.2.1. Current Status... 1 1.3. High
Siteminder Integration Guide
Integrating Siteminder with SA SA - Siteminder Integration Guide Abstract The Junos Pulse Secure Access (SA) platform supports the Netegrity Siteminder authentication and authorization server along with