through sessions. A cookie is a client-side mechanism that stores the following content: name, value, expiration time, path, and domain. The combination of path and domain constitutes the scope of the cookie; therefore, the cookie method can be used to implement SSO, but the domain name must be the same. A session is a server-side mechanism. When the client accesses the server, the server creates a unique session ID for the client in order to maintain state throughout the interaction, and the interaction information can be specified by the application. Therefore, when the session method is used to implement SSO, single sign-on cannot be implemented across multiple browsers, but it can be cross-origin.
Is there a standard for SSO? How can we make information interaction between products in the industry more standard and secure? For this purpose, SAML was defined: it uses XML documents to express security information and securely transfer that information from one application to another. This standard has been standardized by the Organization for the Advancement of Structured Information Standards (OASIS). SAML allows applications to communicate with various security systems provided by different vendors.
Shibboleth is a SAML standard-based single sign-on implementation. http://shibboleth.net/products/
SAML2 introduction:
1. The SAML in my eyes
2. OASIS official documentation
A few words about SAML:
In the SAML2 web SSO (browser-based single sign-on, excluding app user authentication) model, there are two im
EncryptedData element in row 3 is decrypted, the order element is normalized and the signature is properly verified.
Other related languages and specifications. Hiding sensitive information in XML documents, establishing integrity, and authenticating the sources of different parts of these documents is handled mainly by following the steps in the XML Encryption and XML Signature specifications, which are described in the referenced W3C draft (see references). In addition, there are other closely related areas, such as authenticating users or systems, identifying authorization levels, and managing keys, all of which relate to XML security. SAML is an OASIS-driven model that attempts to integrate the competing AuthML and S2ML specifications to facilitate the interchange of authentication and authorization information. The Extensible Access Control Markup Language is closel
, and you need to deploy the generated WSDL to the application server, which also installs some necessary web service files on the application server. Here is a check of the web service security type: Username token or SAML token. For these two security types, read "Securing E-Business Suite Web Services with Integrated SOA Gateway" for a detailed explanation. Create Grant: when the deployment is complete, the web service state becomes d
whether to support digital signatures, encryption, authentication and authorization, and how to support them. Web service requesters use the security elements of a service description to find service endpoints that meet their policy requirements and the security methods of those endpoints.
2. OASIS set up a technical committee to define authorization and authentication assertions (called SAML
following sections.
Security
The Web Services Security specification is used to secure messages. It mainly covers authentication exchange, message integrity and message confidentiality. The specification is attractive because it uses existing security standards, such as SAML (Security Assertion Markup Language), to secure web service messages. OASIS is working on the development of the Web Services Security specifications.
example, the telephone system of a promotion enterprise is a mission-critical system, while a text processing system is not that critical.) It is used to address advanced requirements, such as security, reliability, and transactions. Basic web service specifications, such as WSDL, SOAP, and UDDI, cannot meet these advanced requirements when an enterprise begins to use the service architecture as a tool for developing and deploying applications. As mentioned above, these requirements are also called service
Reliability
In a typical SOA environment, several different documents are exchanged between the service consumer and the service provider. With such things as "send only once" (once-and-only-once de
accesses the application server, he/she first performs identity authentication with the broker and then presents the ticket-granting ticket to the authorization server to obtain a service ticket. The user presents the service ticket to the application server; the application server verifies the service ticket and then provides the requested service.
Agent-based
An identity authentication proxy exists in the proxy-based SSO system. When a user logs on to the server, the proxy program
that require single sign-on are placed within a secure network segment that is isolated from the gateway. The client obtains the service authorization after authentication.
Security Assertion Markup Language (SAML)-based implementation
The advent of SAML (Security Assertion Markup Language) greatly simplifies SSO and is approved by OAS
authentication service invented by MIT, has been integrated into UNIX and Windows as the default security authentication service. 3. Agent-based: In this solution, there is an agent that automatically authenticates the user to different applications. This agent needs to be designed with different functions; for example, it can use a password table or encryption keys to move the burden of authentication away from the user. The agent is placed on
". For example, Kerberos, SESAME, and IBM KryptoKnight (the credential library idea). (3) Agent-based: In this solution, there is a proxy that automatically authenticates user identities to different applications. This agent needs to be designed with different features; for example, it can use a password table or an encryption key to remove the authentication burden from the user. The proxy is placed on the server and acts as a "translator" between the server's authentication system an
Language (SAML): the emergence of SAML (Security Assertion Markup Language) greatly simplifies SSO, and it is also approved by OASIS as the implementation standard for SSO. OpenSAML, an open-source project, implements the SAML specification. See http://www.opensaml.org.
III. Sun