A preliminary study on SiteMinder SSO agent

Source: Internet
Author: User
Tags: tomcat, siteminder


The company has been developing on WebLogic. CA provides a ready-made SSO agent for WebLogic, so a simple wrapper around it is enough; it is implemented mainly through a filter + servlet.

Later, with the SSO agent from JBoss, I also considered replacing WebLogic with Tomcat/Jetty as the web server, and so looked at developing a custom SSO agent for the web container.

The approximate design structure:

Component 1: authenticator/filter: supports cross-domain, cookie, and form authentication

Component 2: loginmodule/provider: includes identity and form as independent components





1. Tomcat: implemented using JAAS (SSO realm + form realm) + an authenticator

2. Jetty: implemented using JAAS (SSO realm + realm) + an authenticator

Both the SSO realm and the form realm are standard JAAS implementations. For Tomcat and Jetty, each container's own FormAuthenticator is subclassed to extend it.
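One way the SSO realm could be written as a standard JAAS LoginModule (an added example, not code from the original post or from SiteMinder). `validateToken` is a hypothetical stand-in for the agent call to the policy server, the token values are constructed, and handing the SMSESSION value to the module through a `PasswordCallback` is an assumption; the record needs Java 16+.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example: the "SSO realm" as a JAAS LoginModule that fails closed.
public class SsoLoginModule implements LoginModule {
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    private Subject subject;
    private CallbackHandler handler;
    private UserPrincipal verified;   // set by login(), published to the Subject by commit()
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    // Hypothetical stand-in for the agent call that validates an SMSESSION value; null means rejected.
    static String validateToken(String t) { return "constructed-valid-token".equals(t) ? "alice" : null; }
    public boolean login() throws LoginException {
        PasswordCallback cb = new PasswordCallback("SMSESSION", false);
        try { handler.handle(new Callback[] { cb }); }
        catch (java.io.IOException | UnsupportedCallbackException e) { throw new LoginException("cannot obtain SSO token"); }
        char[] raw = cb.getPassword();
        cb.clearPassword();
        String user = (raw == null) ? null : validateToken(new String(raw));
        if (user == null) throw new FailedLoginException("SSO token rejected"); // missing or invalid token
        verified = new UserPrincipal(user);
        return true;
    }
    public boolean commit() {
        if (verified == null) return false;   // no principal is added unless login() succeeded
        subject.getPrincipals().add(verified);
        return true;
    }
    public boolean abort() { verified = null; return true; }
    public boolean logout() {
        if (verified != null) subject.getPrincipals().remove(verified);
        verified = null;
        return true;
    }
    public static void main(String[] args) {
        for (String token : new String[] { "constructed-valid-token", "forged" }) {
            SsoLoginModule m = new SsoLoginModule();
            Subject s = new Subject();
            m.initialize(s, cbs -> ((PasswordCallback) cbs[0]).setPassword(token.toCharArray()), Map.of(), Map.of());
            try { m.login(); m.commit(); } catch (LoginException e) { m.abort(); }
            System.out.println(token + " -> " + s.getPrincipals());
        }
    }
}
```

Running `main` prints one principal for the constructed valid token and an empty principal set for the forged one. Role principals for the realm authentication step would be added in `commit()` in the same way.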



Authentication process:

A. SSO, cross-domain
The SiteMinder cookie provider must be configured to generate cookies and sessions; it acts as the bridge for cookies across different domains.
1. Determine whether the request has already been authenticated; if it has, let it through directly.
2. If the request is the login request (j_security_check), log in using SMSESSION. If that passes, perform realm authentication (to obtain the permission roles). If authentication succeeds, redirect to the cookie provider (to generate the cookie provider domain cookie or SMSESSION). If authentication succeeds, end.
3. Log in using the SSO cookie. If that passes, perform realm authentication. If authentication succeeds, redirect to the cookie provider (to generate the cookie provider domain cookie or SMSESSION). If authentication succeeds, end.
4. Redirect to the login page.

B. SSO, same domain
1. Determine whether the request has already been authenticated; if it has, let it through directly.
2. If the request is the login request (j_security_check), log in using the SSO cookie. If that passes, perform realm authentication (to obtain the permission roles). If authentication succeeds, end.
3. Redirect to the login page.

C. Non-SSO
1. Realm authentication. If successful, redirect to the welcome page. Otherwise redirect to the login error page.

With Smagent SDK 4.x, a static key must be configured on the policy server; with 5.x, the agent can be registered to generate smhost.conf, which smagent loads.


Reference:
JAAS: http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/tutorials/index.html
SiteMinder: https://support.ca.com/cadocs/0/ca%20siteminder%20r6%200%20sp6-enu/bookshelf_files/html/index.htm?Toc.htm?937146.html
