
OpenAM: open source community experience distilled. Single Sign-On (SSO) tool for securing your web applications in a fast and easy way



OpenAM

Written and tested with OpenAM Snapshot 9—the Single Sign-On (SSO) tool for securing your web applications in a fast and easy way

Indira Thangasamy

PUBLISHING, BIRMINGHAM - MUMBAI

open source community experience distilled

Table of Contents

Preface 1

Chapter 1: Getting Started 7
  History of OpenSSO 9
  OpenSSO vs. OpenAM 10
  OpenSSO—an overview 11
    OpenSSO services 11
    Federation services 12
    Web Services Security and Secure Token Service 13
    OpenSSO Entitlements Service 15
  What kind of problems does OpenSSO solve? 16
    Access management 16
    Federation 16
    Securing web services 17
    Entitlements 18
  Summary 19

Chapter 2: OpenSSO Deployment and Configuration 21
  Deployment requirements for OpenSSO web application 22
    Containers and operating systems support 22
    Java SDK support 23
    Disk and memory requirements 23
    Browser requirements 24
  Configuration store versus Identity Store 24
    Configuration store 24
      Embedded configuration store 25
      External Sun Directory Server Enterprise Edition configuration store 26
    Identity store 27
  How to obtain OpenSSO 28
    Building OpenSSO from source 28
  Configuring OpenSSO 31
    Installing and configuring Apache Tomcat 6.0.20 31
    OpenSSO one click configuration 34
    Verifying OpenSSO configuration 37
    What just happened? 38
  OpenSSO configuration choices 39
    Single server configuration - using embedded configuration store 40
      Layout of the configuration directory 46
    Single server configuration - using external configuration store 47
    Multi-server configuration - embedded configuration store 50
      Prerequisites for multi-server configuration 51
      Adding OpenSSO to an existing deployment 52
      Verification of multi-server deployment 55
    Configuring using command line configurator 56
    Configuring OpenSSO with SSL/TLS 58
  Configuring command line tools 58
  Uninstalling OpenSSO 61
  OpenSSO release and support model 61
  Summary 62

Chapter 3: Administrating OpenSSO 63
  Administration interfaces 64
  Accessing the administrative console 65
  Console views and privileges 66
  Console landing page - common tasks 69
  Access control tab 70
    General 71
    Authentication 71
    Service 72
    Datastores 73
    Privileges 74
    Policies 77
    Subjects 79
    Agents 81
  Configuration 83
    Retrieving all the server properties 84
    Updating server configuration properties 84
    Removing properties from server configuration 85
  Sessions tab 85
    Managing sessions using ssoadm 86
  Customizing the console 86
    Extending LDAP schema 87
    Customizing OpenSSO User Service 88
      Removing User Service schema 89
      Adding the updated User Service schema 90
      Adding the labels 90
    Adding the custom attributes to data store configurations 91
    Updating privileges 92
    Testing the changes 93
  Summary 94

Chapter 4: Authentication and Session Service 95
  Authentication process 96
  Cookies in OpenSSO 97
  Authentication types and URL parameters 98
    Module 99
    Level 100
    Service 100
    User 101
    Role 101
    Realm 101
    Resource 102
  Other authentication URL parameters 103
    IDToken parameter 103
    goto and gotoOnFail parameters 103
    locale parameter 104
    arg parameter 105
    iPSPCookie parameter 106
    ForceAuth parameter 106
    PersistAMCookie parameter 107
  Authentication modules, instances, and chains 107
    LDAP authentication 108
      Creating an authentication instance 108
      Updating an authentication instance 109
      Reading an authentication instance 109
      Using an authentication instance 110
      Deleting an authentication instance 110
    Authentication chains 111
      Creating an authentication chain 112
      Updating an authentication chain 112
      Reading an authentication chain 113
      Using an authentication chain 113
      Performing a user-based authentication 113
      Deleting an authentication chain 114
  Authentication modules 114
    LDAP 115
    Active Directory 115
    Data store 115
    Anonymous 116
    Certificate (X.509) 116
      Configuring Tomcat in SSL using CA signed certificate 117
    HTTP basic authentication 120
    Membership 120
    JDBC 120
    HOTP 121
    SecurID 122
    SafeWord 122
    RADIUS 122
    Unix 123
    Windows NT 123
    Windows Desktop SSO 124
    Core 124
      User profile requirement 124
      Setting user profile attributes in an SSO token 126
    Adding custom authentication modules 128
  Session Service 129
    Session Service schema 130
    Updating Session Service 130
    Session life cycle 131
      Session structuring 131
      Session state transition 132
      Session properties 133
      Session change notification and polling 134
      Session persistence and constraints 135
  Summary 136

Chapter 5: Password Reset and Account Management 137
  Account lockout 138
    Configuring account lockout 138
    Physical lockout 140
    In-memory lockout 141
  Applying a password reset 142
    Prerequisites 142
    Configuring the password reset service in OpenSSO 143
      Assigning service and update service attributes 143
      Creating and assigning OpenDS password policy 149
  Summary 153

Chapter 6: Protecting a Simple Web Application to Provide SSO 155
  OpenSSO Policy Framework 156
  Protecting a sample application on Tomcat 158
    Creating the agent profile 159
    Deploying and configuring the Java application 160
    Creating policies and associated identities 161
    Testing the SSO 164
    Fetching user profile attributes 167
  Summary 168

Chapter 7: Integrating Salesforce and Google Apps 169
  Integrating OpenSSO with Salesforce applications 170
    Configuring hosted identity provider and circle of trust 171
    Configuring OpenSSO metadata for Salesforce.com 172
    Configuring users for Salesforce.com 174
    Verifying the SSO 176
  Integrating with Google Apps 177
    Configuring the hosted identity provider 178
    Configuring SSO parameters at Google Apps 179
    Configuring users for Google Apps 180
    Verifying SSO 181
  Summary 183

Chapter 8: Identity Stores 185
  Identity store types 186
  Caching and notification 188
    Persistent search-based notification 189
    Time-to-live based notification 191
      TTL-specific properties for Identity Repository cache 191
  Supported identity stores 192
    User schema 192
    Access Manager Repository plugin 193
      Creating an Access Manager Repository plugin data store 194
      Displaying the data store properties 195
      Updating data store properties 196
      Deleting data stores 196
      Removing the Access Manager Repository plugin 196
    Oracle Directory Server Enterprise Edition 197
      Creating a data store for Oracle DSEE 197
      Updating the data store 198
      Deleting the data store 198
    Data store for OpenDS 198
    Data store for Tivoli DS 199
    Data store for Active Directory 199
    Data store for Active Directory Application Mode 199
    Data store for OpenLDAP 200
      Extending the schema 201
      Preparing the suffix with necessary entries 202
      Creating an OpenLDAP data store 203
      Testing the data store 203
  Multiple data stores 204
  Summary 205

Chapter 9: RESTful Identity Services 207
  Prerequisites 208
  Invoking REST interfaces 210
    Authentication 210
      Authenticating with URL parameters 211
    Validating an SSO token 212
    Invalidating session (logout) 213
    Creating log events 213
    Authorization 214
    Identity CRUD operations 215
      Searching identities 215
        Searching for user identities 216
        Searching groups 216
        Searching for agents 216
      Retrieving identity attributes 217
      Creating agent identities 218
      Creating user identities 219
      Creating group identities 219
      Updating identities 220
      Deleting identities 221
        Deleting user identities 221
        Deleting group identities 221
        Deleting the agent identities 221
    Other REST interfaces 222
  Summary 222

Chapter 10: Backup, Recovery, and Logging 223
  Backing up configuration data 224
    Backing up the OpenSSO configuration files 225
    Backing up the OpenSSO configuration data 226
  Crash recovery and restore 227
  Test to production 228
    Performing the configuration change 229
      Configuring the export test server 229
      Configuring OpenSSO on the production server 230
      Adapting the test configuration data 231
  OpenSSO audit and logging 232
    Enabling debug (trace) level logging 233
    Audit logging 234
      File-based logging 236
      Database logging 237
      Remote logging 240
      Secure logging 240
  Summary 243

Chapter 11: Troubleshooting and Diagnostics 245
  OpenSSO diagnostic tools 245
    Installing and configuring the tool 246
    Invoking the tool 246
  Troubleshooting 248
    Installation and configuration 249
      Scenario 1 249
      Scenario 2 250
      Scenario 3 250
      Scenario 4 251
    Authentication and session areas 252
      Scenario 1 252
      Scenario 2 252
      Scenario 3 252
      Scenario 4 253
    Identity repository and password reset 253
      Scenario 1 253
      Scenario 2 254
      Scenario 3 254
      Scenario 4 255
      Scenario 5 255
    Policy and agents 255
      Scenario 1 255
      Scenario 2 256
      Scenario 3 257
    Command line tools 257
      Scenario 1 257
      Scenario 2 258
  Summary 259

Index 261
