In Part 1 of Sean Brydon, Aravindan Ranganathan and Marina Sum's three-part series on "Protecting Java EE Applications with OpenSSO Policy Agents," the authors cover the basic steps of the process. They show how, by installing a Policy Agent on the application-server instance on which applications are deployed and then configuring that Policy Agent, users can enforce authentication, single sign-on (SSO) and authorization.
The authors assert that this approach is far simpler and less time-consuming than the standard approaches, which involve SSO's security devices, the client SDK, or identity services that use the Simple Object Access Protocol (SOAP) and Representational State Transfer (REST) interfaces.
The declared aims of Part 1 are that readers will learn how to create user accounts for OpenSSO and how to mandate that users log in and be authenticated before being granted access to the application. The authors assume a familiarity among readers with the basics of OpenSSO and Policy Agents and that these are installed on their systems. A link to a tutorial is included for those needing assistance with the installation.
Part 1 contains an overview of how OpenSSO and a Policy Agent work together when installed on different containers; a simple example of how the Policy Agent caches information so that it need not contact the OpenSSO server on every request; a section on the procedure for accomplishing the declared aims; and a conclusion. Code samples and abundant screenshots are provided throughout the article for clarification.
Part 2, "Same-Domain SSO," shows readers how to specify the resources they do not want the Policy Agents to protect.
Part 2 begins with an overview of the three types of SSO: same-domain SSO (often simply called SSO); cross-domain SSO (CDSSO); and federation. The authors note that users can enforce SSO, CDSSO and federation with Sun OpenSSO Enterprise 8.0, but in Part 2 they demonstrate only same-domain SSO with that software.
As in Part 1, the authors provide code samples and screenshots that illustrate the procedure, and then demonstrate SSO with the sample application from Part 1. The demo illustrates how employees might log in to one application on their company's intranet and then access other applications, protected by OpenSSO and Policy Agents, without having to log in again.
In Part 3, the authors will show how access to predefined resources can be restricted to only certain users.
More Information
OpenSSO
OpenSSO Resource Center
OpenSSO Express Support
Policy Agent Download
GlassFish Community