Using httpclient to realize the eager Sign in Wi/sso

Wi/sso default Eager Sign in will submit the user authentication information directly to the authentication form provided by WebSEAL, which lacks flexibility and applicability. The solution in this article adds an intermediate process between the custom login page and the WebSEAL authentication form. The login authentication process is divided into two steps: 1 provides a custom login page and servlet to collect user authentication information, usually username and password, 2 on the server side of the servlet The authentication information collected is submitted to the WebSEAL authentication form together with the necessary HTTP request data, and is processed according to the results of the WebSEAL return httpclient. If any errors occur during the authentication process, the result processing can go to the custom error page to avoid WebSEAL default authentication error handling. The advantage of this solution is its flexibility and applicability, which can effectively enhance the user experience.

SSO and IBM Wi/sso

SSO Introduction

SSO Basic Concepts

Single sign-on (Sign on, referred to as SSO) is one of the more popular solutions for enterprise business integration today. With SSO, users can access any application server in the SSO domain, without having to log on again, by simply logging on to the application server once. Its essence is to obtain access to enterprise resources.

Single sign-on is not only an important aspect of enterprise application integration (EAI), but also one of the requirements of an era of demand for SOA. It not only reduces security risk and management consumption, but also greatly simplifies the security issues of SOA, thereby improving the efficiency of cooperation between services.

SSO implementation

SSO is not a standard implementation in Java EE, but rather a mechanism for each middleware provider to share authentication information when providing Java EE application server clusters, so vendors provide different implementations. For example, IBM's WebSphere is through the cookie record authentication information, BEA's WebLogic through the session sharing technology realizes the authentication information sharing, the domestic Shenzhen Kingdee's Apusic uses the technology and the BEA WebLogic basically is consistent.

IBM Wi/sso Introduction

Basic concepts and principles of Wi/sso

The IBM-provided SSO solution--wi/sso (Web identity/single Sign on) is the standard User Service that IBM provides for its external applications to register, authorize, and manage ibm.com users. It allows users to access protected applications through the WebSEAL reverse Proxy security server component of IBM Tivoli access Manager (TAM). WebSEAL will authenticate users and manage user authentication information.

Figure 1 Wi/sso Architecture

As shown in Figure 1, WebSEAL is located in a non-protected area (demilitarized Zone, DMZ) between external and internal firewalls to forward requests to a WEB server in a Green zone. It keeps track of the protected IP address, receives requests to the WEB server or application server, provides authentication and authorization services, and forwards the address of the request to the actual destination address before sending the request.