OpenAM: open source community experience distilled. The Single Sign-On (SSO) tool for securing your web applications in a fast and easy way




OpenAM
Written and tested with OpenAM Snapshot 9
The Single Sign-On (SSO) tool for securing your web applications in a fast and easy way
Indira Thangasamy
Packt Publishing: open source community experience distilled
BIRMINGHAM - MUMBAI

Table of Contents

Preface 1

Chapter 1: Getting Started 7
  History of OpenSSO 9
  OpenSSO vs. OpenAM 10
  OpenSSO - an overview 11
  OpenSSO services 11
  Federation services 12
  Web Services Security and Secure Token Service 13
  OpenSSO Entitlements Service 15
  What kind of problems does OpenSSO solve? 16
  Access management 16
  Federation 16
  Securing web services 17
  Entitlements 18
  Summary 19

Chapter 2: OpenSSO Deployment and Configuration 21
  Deployment requirements for OpenSSO web application 22
  Containers and operating systems support 22
  Java SDK support 23
  Disk and memory requirements 23
  Browser requirements 24
  Configuration store versus Identity Store 24
  Configuration store 24
  Embedded configuration store 25
  External Sun Directory Server Enterprise Edition configuration store 26
  Identity store 27
  How to obtain OpenSSO 28
  Building OpenSSO from source 28
  Downloading OpenSSO binary 29
  Configuring OpenSSO 31
  Installing and configuring Apache Tomcat 6.0.20 31
  OpenSSO one click configuration 34
  Verifying OpenSSO configuration 37
  What just happened? 38
  OpenSSO configuration choices 39
  Single server configuration - using embedded configuration store 40
  Layout of the configuration directory 46
  Single server configuration - using external configuration store 47
  Multi-server configuration - embedded configuration store 50
  Prerequisites for multi-server configuration 51
  Adding OpenSSO to an existing deployment 52
  Verification of multi-server deployment 55
  Configuring using command line configurator 56
  Configuring OpenSSO with SSL/TLS 58
  Configuring command line tools 58
  Uninstalling OpenSSO 61
  OpenSSO release and support model 61
  Summary 62

Chapter 3: Administrating OpenSSO 63
  Administration interfaces 64
  Accessing the administrative console 65
  Console views and privileges 66
  Console landing page - common tasks 69
  Access control tab 70
  General 71
  Authentication 71
  Service 72
  Data stores 73
  Privileges 74
  Policies 77
  Subjects 79
  Agents 81
  Configuration 83
  Retrieving all the server properties 84
  Updating server configuration properties 84
  Removing properties from server configuration 85
  Sessions tab 85
  Managing sessions using ssoadm 86
  Customizing the console 86
  Extending LDAP schema 87
  Customizing OpenSSO User Service 88
  Adding attributes to amUser.xml 88
  Removing User Service schema 89
  Adding the updated User Service schema 90
  Adding the labels 90
  Adding the custom attributes to data store configurations 91
  Updating privileges 92
  Testing the changes 93
  Summary 94

Chapter 4: Authentication and Session Service 95
  Authentication process 96
  Cookies in OpenSSO 97
  Authentication types and URL parameters 98
  Module 99
  Level 100
  Service 100
  User 101
  Role 101
  Realm 101
  Resource 102
  Other authentication URL parameters 103
  IDToken parameter 103
  goto and gotoonfail parameters 103
  locale parameter 104
  arg parameter 105
  ipspcookie parameter 106
  ForceAuth parameter 106
  PersistAMCookie parameter 107
  Authentication modules, instances, and chains 107
  LDAP authentication 108
  Creating an authentication instance 108
  Updating an authentication instance 109
  Reading an authentication instance 109
  Using an authentication instance 110
  Deleting an authentication instance 110
  Authentication chains 111
  Creating an authentication chain 112
  Updating an authentication chain 112
  Reading an authentication chain 113
  Using an authentication chain 113
  Performing a user-based authentication 113
  Deleting an authentication chain 114
  Authentication modules 114
  LDAP 115
  Active Directory 115
  Data store 115
  Anonymous 116
  Certificate (X.509) 116
  Configuring Tomcat in SSL using CA signed certificate 117
  HTTP basic authentication 120
  Membership 120
  JDBC 120
  HOTP 121
  SecurID 122
  SafeWord 122
  RADIUS 122
  Unix 123
  Windows NT 123
  Windows Desktop SSO 124
  Core 124
  User profile requirement 124
  Setting user profile attributes in an SSO token 126
  Adding custom authentication modules 128
  Session Service 129
  Session Service schema 130
  Updating Session Service 130
  Session life cycle 131
  Session structuring 131
  Session state transition 132
  Session properties 133
  Session change notification and polling 134
  Session persistence and constraints 135
  Summary 136

Chapter 5: Password Reset and Account Management 137
  Account lockout 138
  Configuring account lockout 138
  Physical lockout 140
  In-memory lockout 141
  Applying a password reset 142
  Prerequisites 142
  Configuring the password reset service in OpenSSO 143
  Assigning service and update service attributes 143
  Creating and assigning OpenDS password policy 149
  Summary 153

Chapter 6: Protecting a Simple Web Application to Provide SSO 155
  OpenSSO Policy Framework 156
  Protecting a sample application on Tomcat 158
  Creating the agent profile 159
  Installing and configuring the agents 160
  Deploying and configuring the Java application 160
  Creating policies and associated identities 161
  Testing the SSO 164
  Fetching user profile attributes 167
  Summary 168

Chapter 7: Integrating Salesforce and Google Apps 169
  Integrating OpenSSO with Salesforce applications 170
  Configuring hosted identity provider and circle of trust 171
  Configuring OpenSSO metadata for Salesforce.com 172
  Configuring users for Salesforce.com 174
  Verifying the SSO 176
  Integrating with Google Apps 177
  Configuring the hosted identity provider 178
  Configuring SSO parameters at Google Apps 179
  Configuring users for Google Apps 180
  Verifying SSO 181
  Summary 183

Chapter 8: Identity Stores 185
  Identity store types 186
  Caching and notification 188
  Persistent search-based notification 189
  Time-to-live based notification 191
  TTL-specific properties for Identity Repository cache 191
  Supported identity stores 192
  User schema 192
  Access Manager Repository plugin 193
  Creating an Access Manager Repository plugin data store 194
  Displaying the data store properties 195
  Updating data store properties 196
  Deleting data stores 196
  Removing the Access Manager Repository plugin 196
  Oracle Directory Server Enterprise Edition 197
  Creating a data store for Oracle DSEE 197
  Updating the data store 198
  Deleting the data store 198
  Data store for OpenDS 198
  Data store for Tivoli DS 199
  Data store for Active Directory 199
  Data store for Active Directory Application Mode 199
  Data store for OpenLDAP 200
  Configuring an OpenLDAP suffix 200
  Extending the schema 201
  Preparing the suffix with necessary entries 202
  Creating an OpenLDAP data store 203
  Testing the data store 203
  Multiple data stores 204
  Summary 205

Chapter 9: RESTful Identity Services 207
  Prerequisites 208
  Invoking REST interfaces 210
  Authentication 210
  Authenticating with URL parameters 211
  Validating an SSO token 212
  Invalidating session (logout) 213
  Creating log events 213
  Authorization 214
  Identity CRUD operations 215
  Searching identities 215
  Searching for user identities 216
  Searching groups 216
  Searching for agents 216
  Retrieving identity attributes 217
  Creating agent identities 218
  Creating user identities 219
  Creating group identities 219
  Updating identities 220
  Deleting identities 221
  Deleting user identities 221
  Deleting group identities 221
  Deleting the agent identities 221
  Other REST interfaces 222
  Summary 222

Chapter 10: Backup, Recovery, and Logging 223
  Backing up configuration data 224
  Backing up the OpenSSO configuration files 225
  Backing up the OpenSSO configuration data 226
  Crash recovery and restore 227
  Test to production 228
  Performing the configuration change 229
  Configuring the export test server 229
  Configuring OpenSSO on the production server 230
  Adapting the test configuration data 231
  Importing into the production system 232
  OpenSSO audit and logging 232
  Enabling debug (trace) level logging 233
  Audit logging 234
  File-based logging 236
  Database logging 237
  Remote logging 240
  Secure logging 240
  Summary 243

Chapter 11: Troubleshooting and Diagnostics 245
  OpenSSO diagnostic tools 245
  Installing and configuring the tool 246
  Invoking the tool 246
  Troubleshooting 248
  Installation and configuration 249
    Scenario 1 249
    Scenario 2 250
    Scenario 3 250
    Scenario 4 251
  Authentication and session areas 252
    Scenario 1 252
    Scenario 2 252
    Scenario 3 252
    Scenario 4 253
  Identity repository and password reset 253
    Scenario 1 253
    Scenario 2 254
    Scenario 3 254
    Scenario 4 255
    Scenario 5 255
  Policy and agents 255
    Scenario 1 255
    Scenario 2 256
    Scenario 3 257
  Command line tools 257
    Scenario 1 257
    Scenario 2 258
  Summary 259

Index 261