System News
   
News about Solaris and Sun Microsystems



May 14, 2007
Article #18072
Volume 111, Issue 3
Section: Developer

 

Single sign-on (SSO) within an enterprise enables users to sign on only once to access all applications of that enterprise.
 


 

Setting up Single Sign On (SSO)
Using Sun Java System Access Manager and SAML

Get the basics on Security Assertion Markup Language (SAML) concepts and the steps for achieving single sign-on (SSO) with the Sun Java System Access Manager 7.1 and the SAML 1.x Web Browser Artifact Profile in a Sun Developer Network article written by Vasanth Bhat and Marina Sum.

SAML enables the exchange of authentication and authorization data between an identity provider (IdP) and a service provider (SP). In this article, the Sun Java System Access Manager is the IdP and the SP is SAP NetWeaver Enterprise Portal 2004s deployed on SAP NetWeaver Application Server Java or the SAP Java 2 Platform Enterprise Edition (J2EE) Engine.

The two key concepts of SAML outlined by Bhat and Sum are:

  • Assertion: a declaration of facts that contains information on the authentication, authorization or attributes of a principal (user)

  • Profile: a set of rules that define how to embed and extract assertions. A profile describes how the assertions are combined with other objects by an authority, transported from the authority and subsequently processed at the trusted partner site.

SAML defines two such profiles. The Web Browser Artifact Profile places a pointer to the SAML assertion, called an artifact, in the query string of an HTTP redirect to the SP. The Web Browser POST Profile includes the SAML assertion itself in the response that the IdP sends to the SP as part of an HTML form. The profiles differ in how the assertion is exchanged between the IdP and the SP.
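The artifact carried in the redirect can be checked by the SP before it makes any back-channel request for the assertion. The following is an added example, not code from the Bhat and Sum article or from Access Manager: it assumes the SAML 1.x type 0x0001 artifact layout (2-byte type code, 20-byte SourceID, 20-byte AssertionHandle, base64-encoded) and the `SAMLart` and `TARGET` query parameters from the SAML 1.x specification, and every URL and the `TRUSTED_SOURCES` table are constructed.

```python
import base64
import hashlib
from urllib.parse import parse_qs, urlencode, urlsplit

TYPE_CODE = b"\x00\x01"        # SAML 1.x type 0x0001 artifact
ARTIFACT_LEN = 2 + 20 + 20     # TypeCode + SourceID + AssertionHandle

# Constructed sample values, not taken from the article.
IDP_SITE = "https://idp.example.com/sso"
# SP-side trust table: SourceID (SHA-1 of the IdP's identifier) -> back-channel URL.
TRUSTED_SOURCES = {
    hashlib.sha1(IDP_SITE.encode()).digest(): "https://idp.example.com/responder",
}


class ArtifactError(ValueError):
    """Raised when a redirect does not carry an acceptable artifact."""


def build_sample_redirect(site=IDP_SITE, handle=bytes(range(20))):
    """Build a constructed IdP-to-SP redirect URL for demonstration."""
    raw = TYPE_CODE + hashlib.sha1(site.encode()).digest() + handle
    query = urlencode({"TARGET": "https://sp.example.com/portal",
                       "SAMLart": base64.b64encode(raw).decode()})
    return "https://sp.example.com/artifact-receiver?" + query


def parse_artifact_redirect(url):
    """Validate the artifact before any back-channel request is made."""
    query = parse_qs(urlsplit(url).query)
    arts, targets = query.get("SAMLart", []), query.get("TARGET", [])
    # Narrowed to one artifact per redirect to keep the example short.
    if len(arts) != 1 or len(targets) != 1:
        raise ArtifactError("expected exactly one SAMLart and one TARGET")
    try:
        raw = base64.b64decode(arts[0], validate=True)
    except ValueError as exc:
        raise ArtifactError("SAMLart is not valid base64") from exc
    if len(raw) != ARTIFACT_LEN or raw[:2] != TYPE_CODE:
        raise ArtifactError("not a 42-byte type 0x0001 artifact")
    source_id, handle = raw[2:22], raw[22:]
    responder = TRUSTED_SOURCES.get(source_id)
    if responder is None:
        raise ArtifactError("SourceID does not match a trusted IdP")
    # The SP would now send `handle` to `responder` to fetch the assertion.
    return {"source_id": source_id.hex(), "handle": handle,
            "target": targets[0], "responder": responder}
```

The artifact itself carries no user data; the assertion only reaches the SP over the back channel to the responder that the SourceID resolves to, which is why an unknown SourceID is rejected before any request is sent.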

Bhat and Sum proceed through a 12-step process flow of SSO authentication and authorization; configuring the Sun Java System Access Manager with SAP J2EE Engine; configuring SAP NetWeaver Application Server for SAML authentication; and then testing the SSO mode in SAP NetWeaver Enterprise Portal 2004s with SAML assertions.

Figures displaying the resulting outcomes of each step in the process are provided, as are references for more detailed resources. See the article on the SDN site.
