This page demonstrate How To Implementation SSO..
Implementation of SSO is very common requirement for an Enterprise.
Enterprise will have many web applications and they would like to access
any of the application if user loged in once.
What is SSO:
Single sign-on (SSO) is an mechanism which allows user to access
multiple applications by loging in once.
Example. - ABC oraganization has 5 web application (App1,
App2,...App5). All applications supports SSO. So if any user login to
any of the application (e.g App3), he will be able to access other
application(e.g. App5) without loging in further.
There is a difference between single-sign-on (SSO) and
same-sign-on is about multiple application uses the same corporate
directory (Active Director) to authenticate the user. So same userid
works for all the applications. But all the application needs to do
authentication before allowing access to any of it's resources (e.g
page). Here authentication done by one application is not supported
(accepted) by other other application.
Where as in case of SSO, if one application authenticate the user, other
application do ask for re-authentication. Insted it uses(accept)
How SSO works
There are multiple way of SSO implementation. It varries from
application server (e.g. Websphere, Weblogic, J-BOSS) to application
But all follow certion priciple.
To implement SSO, In generatl you need to have following software
Identity Provider (idP) -Its a software which provide identity
information for an user (principals). and authentication services to
relying applications within distributed network.
- Identitiy Provider (idP)
- Application Server (e.g. Websphere Application Server) which
host the web applications
Some well know idP are Oracle Access Management (OAM)
It authenticates user and issue token. In market, there are many idP
product (s/w). Some well know idP are OIAM (Oracle Identity and Access
Service Provider - Application Server (e.g. WAS) who host the
application and provide service to end user.
Client - Who access the service provider (Browser).
SSO Setup in
Websphere Application Server (WAS)
We will discuss here how to setup SSO for web applications hosted in
Following steps are required to to enbale SSO for applications hosted in
WebSphere Application Serv3er(WAS)
- SAML Assertion Consumer Service (Installation
- Setup SAML Trust Association Interceptors in Websphere adim
- Setup Administrative Security in admin console
- Log on to the WebSphere Application Server administrative
- Go to Security > Global Security
- Click Security Configuration Wizard and follow the steps to
create a administrative user. We have created a user named admin.
- Do not enable java 2 security
- Set Identity Provider in WAS admin console (setupInsatallation
- Add IdP realms to the list of inbound trusted realms(Installation
- Custom Jars for SP Initiated SSO and User Mapping Interface
- SP Initiated SSO
- User Mapping Implementation
- Registering Your Web application with idp
- Enable Single Sign On feature your web application.
- Security Constraint in Web.xml - Add your security constraint