Firefox, combined with the Live HTTP Headers and HackBar add-ons, is a powerful troubleshooting tool, writes Jim Faut in a three-part article co-authored with Rick Palkovic that covers "Troubleshooting OpenSSO with Firefox Add-Ons: Part 1, Introduction; Part 2, Single Sign-On and Policy Protection; and Part 3, Cross-Domain Single Sign-On."
Inspecting the traffic flowing through a browser can provide valuable insight into the transactions that make up an OpenSSO solution. The paper presents an example that shows how enabling the Cross-Domain Single Sign-On feature increases the amount of traffic passed through the user's browser. Even though this data can seem overwhelming at first, the authors point out that, with the help of the HackBar add-on, users can decode the data and really understand the interaction between the policy agent and the OpenSSO server.
The series is written for the user who has already configured an OpenSSO deployment using the default OpenSSO configuration. The article also assumes that readers will have configured a policy agent on a web server to demonstrate the way it interacts with the OpenSSO server. The examples for the series were developed with Firefox 3.0.6, though Firefox 2.x works similarly, the authors point out. There are numerous screen shots throughout the articles that illustrate the points being made.
One of these illustrations depicts the interaction between the user's browser, the policy agent, and OpenSSO in the discussion of simple single sign-on and policy protection.
The combination of Firefox and the Live HTTP Headers and HackBar add-ons more than proves its value, the authors note, in an environment where the OpenSSO and policy agent applications are protected with SSL encryption. In this case, it is impossible to "snoop" the traffic on the network. Because the add-ons run in the browser, they expose the data in its unencrypted form, so this type of troubleshooting remains possible.
In the third section of the article, the authors explore an OpenSSO deployment designed for cross-domain sign-on. Using the Live HTTP Headers and HackBar add-ons for the popular Mozilla Firefox web browser, users can gain insight into OpenSSO interactions and better understand how the system works, they write.
In this section, the authors present the example of a more complex interaction between OpenSSO and the policy agent. Cookie Hijacking Prevention has been enabled according to the directions in the "Sun OpenSSO Enterprise 8.0 Administration Guide: Precautions Against Session-Cookie Hijacking in an OpenSSO Enterprise Deployment." A sequence diagram depicts the interactions among the browser, policy agent, and OpenSSO during a CDSSO exchange.
More Information
Sun OpenSSO Enterprise
Sun Java System Access Manager
Sun Developer Services