OpenSSO: Cross Domain Single Sign On




Version 0.1

History of versions

Version   Date         Author(s)     Changes
0.1       11/30/2006   Dennis Seah   Initial draft

Contents

1 Introduction
2 Single Domain Single Sign-On
3 Cross Domain Single Sign-On
4 Installation and Configuration
4.1 Server Installation and Configuration
4.2 J2EE Agents Installation and Configuration
4.3 Web Agents Installation and Configuration

1 Introduction

Cross Domain Single Sign-On (CDSSO) is a feature that allows the OpenSSO solution to protect web resources in different DNS domains. With CDSSO, a user authenticates once against the OpenSSO server in a primary DNS domain and can then access protected resources in other DNS domains.

CDSSO is a proprietary OpenSSO mechanism, usable only between OpenSSO agents and an OpenSSO server; it was designed before the Security Assertion Markup Language (SAML) and the Liberty Alliance Project existed. In certain cases it is easier to set up and manage than SAML or Liberty.

2 Single Domain Single Sign-On

In this section we describe how the OpenSSO solution works in a single DNS domain setup. Figure 1 shows the exchange between the browser, the agent and the server.

Figure 1: Single Domain Single Sign-On

1. Browser -> Agent: access protected resource
2. Agent -> Browser: redirect to login page
3. Server -> Browser: present login page
4. Browser -> Server: authenticate
5. Server: session information is added to an HTTP cookie
6. Server -> Browser: redirect to original URL
7. Agent: get the session information from the cookie
8. Agent -> Server: send policy decision request
9. Server: compute policy decision
10. Server -> Agent: send policy decision response
11. Agent -> Browser: grant or deny according to the policy decision response

From Figure 1 it is evident that the agent can retrieve the session information from the HTTP cookie only because the server and the agent are in the same DNS domain: a browser returns a cookie only to hosts in the domain that set it. When the agents and the server are in different DNS domains, the agents can no longer retrieve the session information from the cookie. This paper describes one solution to this issue.

3 Cross Domain Single Sign-On

In Figure 2 the same piece of session information is stored in two cookies, one under the server's DNS domain and the other under the agent's DNS domain. The agent redirects an unauthenticated request to the CDCServlet on the server; after the user has authenticated, the CDCServlet hands the session information back to the agent in an AuthNResponse, and the agent stores it in a cookie under its own domain. From then on the agent can retrieve the session information from that cookie and validate it against the server, just as in the single domain case. The agent-side parameters that govern this exchange (the CDCServlet URL, the agent's CDSSO redirect URI, the trusted identity providers and the allowed clock skew) are listed in section 4.2.

4 Installation and Configuration

4.1 Server Installation and Configuration

2. Follow the instructions in opensso/products/federation/openfm/readme to get the external libraries and build the binaries;
3. deploy openfm.war and configure it (visit the URL of the deployed application to access the configuration page).

4.2 J2EE Agents Installation and Configuration

2. Follow the instructions in opensso/products/j2eeagents/readme to get the external libraries and build the binaries;
3. install the agent for the application server;
4. edit AMAgents.properties to set the CDSSO related parameters:

    com.sun.identity.agents.config.cdsso.enable = true
    com.sun.identity.agents.config.cdsso.redirect.uri = /agentapp/sunwcdssoredirecturi
    com.sun.identity.agents.config.cdsso.cdcservlet.url[0] =
    com.sun.identity.agents.config.cdsso.clock.skew = 0
    com.sun.identity.agents.config.cdsso.trusted.id.provider[0] =

The two values left blank above are deployment specific: cdcservlet.url[0] is the URL of the CDCServlet on the OpenSSO server, and trusted.id.provider[0] identifies the OpenSSO server whose AuthNResponses the agent will accept.

4.3 Web Agents Installation and Configuration

2. Follow the instructions in opensso/products/webagents/readme to get the external libraries and build the binaries;
3. install the agent for the web server;
4. edit AMAgents.properties to set the CDSSO related parameters:

    com.sun.identity.agents.config.cdsso.enable = true
    com.sun.identity.agents.config.cdsso.cdcservlet.url =

The web agent's cdcservlet.url takes the same CDCServlet URL as the J2EE agent's cdcservlet.url[0].

Figure 2: Cross Domain Single Sign-On

Participants: Browser, Agent (in the agent's DNS domain) and, on the server side, the CDCServlet, the Authentication service (Auth) and the Policy service (Policy).

1. Browser -> Agent: access protected resource
2. Agent -> Browser: redirect to CDCServlet
3. CDCServlet: user has not authenticated; forward request to login page
4. Auth -> Browser: present login page
5. Browser -> Auth: authenticate
6. Auth: session information is added to an HTTP cookie (in the server's DNS domain)
7. Auth -> Browser: redirect request back to CDCServlet
8. CDCServlet -> Agent: send AuthNResponse to the agent via HTTP redirect
9. Agent: extract session information from the AuthNResponse and add it to an HTTP cookie (in the agent's DNS domain)
10. Agent -> Browser: redirect to original URL
11. Agent: get the session information from the cookie
12. Agent -> Policy: send policy decision request
13. Policy: compute policy decision
14. Policy -> Agent: send policy decision response
15. Agent -> Browser: grant or deny access according to the policy decision response
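The exchange of Figure 2 and the agent parameters of section 4.2, worked through as an added example; this is not part of the original paper and not OpenSSO's own code. It models a browser whose cookies are scoped by DNS domain, an OpenSSO server playing the Auth, Policy and CDCServlet roles, and an agent on a host in a different domain. With cdsso.enable set to false the agent never sees the cookie the server set (the problem described in section 2); with it enabled the agent accepts the AuthNResponse only if its issuer is one of the configured trusted.id.provider entries and its issue instant lies within clock.skew seconds, then stores the same token in a cookie under its own domain and asks the server for a policy decision. The hostnames, the cookie name iPlanetDirectoryPro, the token format, the AuthNResponse fields and the filled-in property values are all assumptions; the requirement that the CDCServlet URL use https is an added check, not an agent parameter.

```python
"""CDSSO exchange of Figure 2 as a runnable model (added example; names and formats are assumptions)."""
import time

PREFIX = "com.sun.identity.agents.config.cdsso."
COOKIE = "iPlanetDirectoryPro"  # OpenSSO's default session cookie name (assumed, not stated in the paper)

# Constructed AMAgents.properties fragment (section 4.2); the paper leaves the URL and provider blank.
AMAGENT_PROPERTIES = """
com.sun.identity.agents.config.cdsso.enable = true
com.sun.identity.agents.config.cdsso.redirect.uri = /agentapp/sunwcdssoredirecturi
com.sun.identity.agents.config.cdsso.cdcservlet.url[0] = https://sso.idp.example/openfm/cdcservlet
com.sun.identity.agents.config.cdsso.clock.skew = 30
com.sun.identity.agents.config.cdsso.trusted.id.provider[0] = https://sso.idp.example/openfm
"""

def parse_properties(text):
    """Parse Java-style 'key = value' lines; indexed keys (name[0], name[1], ...) become lists."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key.endswith("]"):
            cfg.setdefault(key[:key.rindex("[")], []).append(value)
        else:
            cfg[key] = value
    return cfg

class Browser:
    """Cookie store scoped as browsers scope it: a cookie set for domain D goes only to D or hosts below D."""
    def __init__(self):
        self.jar = {}  # (domain, name) -> value
    def set_cookie(self, domain, name, value):
        self.jar[(domain, name)] = value
    def cookies_for(self, host):
        return {n: v for (d, n), v in self.jar.items() if host == d or host.endswith("." + d)}

class OpenSSOServer:
    """Authentication, Policy and CDCServlet roles of Figure 2, all in the server's DNS domain."""
    def __init__(self, host, issuer):
        self.host, self.issuer, self.sessions = host, issuer, {}
        self.policy = {"/protected": {"alice"}}  # resource -> users allowed (constructed)
    def authenticate(self, browser, user):
        token = f"AQIC-{user}-{len(self.sessions)}"  # constructed token shape
        self.sessions[token] = user
        browser.set_cookie(self.host, COOKIE, token)  # step 6: cookie in the server's domain
        return token
    def cdcservlet(self, browser, user, return_to):
        """Steps 3-8: log in unless a server-domain cookie exists, then return the session in an AuthNResponse."""
        token = browser.cookies_for(self.host).get(COOKIE) or self.authenticate(browser, user)
        return {"issuer": self.issuer, "issue_instant": int(time.time()), "token": token, "return_to": return_to}
    def policy_decision(self, token, resource):  # steps 12-14
        return "allow" if self.sessions.get(token) in self.policy.get(resource, set()) else "deny"

class Agent:
    """Policy agent protecting a host in a different DNS domain than the server."""
    def __init__(self, host, cfg, server):
        self.host, self.server = host, server
        self.enabled = cfg[PREFIX + "enable"] == "true"
        self.redirect_uri = cfg[PREFIX + "redirect.uri"]
        self.cdc_urls = cfg[PREFIX + "cdcservlet.url"]
        self.skew = int(cfg[PREFIX + "clock.skew"])
        self.trusted = set(cfg[PREFIX + "trusted.id.provider"])
        if not all(u.startswith("https://") for u in self.cdc_urls):  # added check: the token rides this redirect
            raise ValueError("cdcservlet.url must use https")
    def accept(self, response, now=None):
        """Step 9 gate: issuer must be a configured trusted provider and the instant within clock.skew seconds."""
        now = int(time.time()) if now is None else now
        return response["issuer"] in self.trusted and abs(now - response["issue_instant"]) <= self.skew
    def request(self, browser, user, resource):
        token = browser.cookies_for(self.host).get(COOKIE)
        if token is None:
            if not self.enabled:  # Figure 1 behaviour: the server-domain cookie never reaches this host
                return "redirect-to-login"
            response = self.server.cdcservlet(browser, user, f"https://{self.host}{self.redirect_uri}")
            if not self.accept(response):
                return "reject-authnresponse"
            token = response["token"]
            browser.set_cookie(self.host, COOKIE, token)  # step 9: same token, now in the agent's domain
        return self.server.policy_decision(token, resource)  # steps 11-15

def run_demo():
    cfg = parse_properties(AMAGENT_PROPERTIES)
    server = OpenSSOServer("sso.idp.example", "https://sso.idp.example/openfm")
    browser = Browser()
    # Section 2 problem: alice is logged in at the server, but a cross-domain agent with CDSSO off never sees it.
    server.authenticate(browser, "alice")
    plain = Agent("www.sp.example", {**cfg, PREFIX + "enable": "false"}, server)
    without_cdsso = plain.request(browser, "alice", "/protected")
    seen_before = COOKIE in browser.cookies_for("www.sp.example")
    # Section 3 / Figure 2: same browser, CDSSO on; the token arrives through the CDCServlet exchange.
    agent = Agent("www.sp.example", cfg, server)
    first = agent.request(browser, "alice", "/protected")
    denied = agent.request(browser, "alice", "/admin")  # cookie present, but policy says no
    same_token = browser.cookies_for("www.sp.example")[COOKIE] == browser.cookies_for("sso.idp.example")[COOKIE]
    return {"without_cdsso": without_cdsso, "cookie_at_agent_before_cdsso": seen_before,
            "first": first, "denied": denied, "same_token_in_both_domains": same_token}
```

Calling run_demo() shows the two halves of the paper side by side: the disabled agent answers redirect-to-login because the browser holds the token only for sso.idp.example, while the CDSSO-enabled agent ends up with the same token under www.sp.example and receives allow for /protected and deny for /admin. Note that the paper's sample configuration sets clock.skew to 0, which in this model (and in any second-granularity check) requires the agent's and server's clocks to agree to the second.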