A preliminary study on SiteMinder SSO agent
The company has been developing on WebLogic, and CA provides a ready-made SSO agent for WebLogic, so a simple wrapper around it is enough; it is implemented mainly through a filter plus a servlet.
Later, with the SSO agent from JBoss, I also considered replacing WebLogic with Tomcat/Jetty as the web server, so I looked into developing a custom SSO agent for the web container.
The approximate design structure:
Component 1: authenticator/filter: supports cross-domain, cookie, and form
Component 2: login module/provider: includes independent identity and form components
1. Tomcat: implemented using JAAS (SSO realm + form realm) + authenticator
2. Jetty: implemented using JAAS (SSO realm + realm) + authenticator
Both the SSO realm and the form realm are standard JAAS implementations, and Tomcat and Jetty each extend their own FormAuthenticator.
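The SSO realm written as a JAAS LoginModule, as an added example that is not the author's or CA's code. `TokenValidator` and its static `validator` field are hypothetical stand-ins for the agent SDK call that checks the SSO cookie with the policy server, and the cookie value is assumed to arrive through a `PasswordCallback`; role lookup is not shown.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class SsoLoginModule implements LoginModule {
    // Hypothetical wrapper around the agent SDK: user ID for a valid token, else null.
    public interface TokenValidator { String validate(String ssoToken); }
    public static volatile TokenValidator validator; // assumption: set at container startup

    public static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    private Subject subject;
    private CallbackHandler handler;
    private String user;              // set by login(), published by commit()
    private UserPrincipal principal;

    @Override public void initialize(Subject s, CallbackHandler h,
                                     Map<String, ?> shared, Map<String, ?> options) {
        subject = s; handler = h;
    }
    @Override public boolean login() throws LoginException {
        // The authenticator hands over the SSO cookie value via a PasswordCallback.
        PasswordCallback cb = new PasswordCallback("sso-token", false);
        try {
            handler.handle(new Callback[] { cb });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain SSO token");
        }
        char[] token = cb.getPassword();
        cb.clearPassword();
        if (token == null || token.length == 0 || validator == null)
            throw new FailedLoginException("no SSO token");   // fail closed
        user = validator.validate(new String(token));         // policy-server check
        if (user == null) throw new FailedLoginException("SSO token rejected");
        return true;
    }
    @Override public boolean commit() {
        if (user == null) return false;   // never publish a principal without a login
        principal = new UserPrincipal(user);
        return subject.getPrincipals().add(principal);
    }
    @Override public boolean abort() { user = null; return true; }
    @Override public boolean logout() {
        if (principal != null) subject.getPrincipals().remove(principal);
        user = null; return true;
    }
}
```

The module treats the mere presence of a cookie as nothing: the principal is added only in `commit()`, after the validator has accepted the token.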
Authentication process:
A. SSO, cross-domain
You need to configure the SiteMinder cookie provider to generate cookies and sessions, so that it serves as a bridge between the cookies of different domains.
Determine whether the request has already been authenticated; if it has, let it through directly.
If the request is the login request j_security_check, log in with the SMSESSION; if that passes, perform realm authentication (to obtain the permission roles); when authentication succeeds, redirect to the cookie provider (to generate the cookie provider domain cookie or SMSESSION). If authentication succeeds, end.
Log in using the SSO cookie; if that passes, perform realm authentication; when authentication succeeds, redirect to the cookie provider (to generate the cookie provider domain cookie or SMSESSION). If authentication succeeds, end.
Redirect to the login page.
B. SSO, same domain
Determine whether the request has already been authenticated; if it has, let it through directly.
If the request is the login request j_security_check, log in using the SSO cookie; if that passes, perform realm authentication (to obtain the permission roles). If authentication succeeds, end.
Redirect to the login page.
C. Non-SSO
Realm authentication. If successful, redirect to the welcome page. Otherwise, redirect to the login error page.
With the smagent SDK, 4.x requires a static key to be configured on the policy server; 5.x can register to generate smhost.conf, which smagent loads.
Reference:
JAAS: http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/tutorials/index.html
SiteMinder: https://support.ca.com/cadocs/0/ca%20siteminder%20r6%200%20sp6-enu/bookshelf_files/html/index.htm?Toc.htm?937146.html