This article will introduce the simple scenario where the client gets the authentication token from the SSO service and appends it to the outgoing request. The receiving party can validate the incoming token by calling the SSO service. It will also show how SAML, the standard format for the security information exchange, can enhance the SSO architecture.
-
'Securing Web Services with Single Sign-On ' Posted on TSS (7 messages)
- Posted by: Nate Borg
- Posted on: March 06 2002 02:28 EST
-
'Securing Web Services with Single Sign-On ' Posted on TSS
- Posted by: Frank Cohen
- Posted on: March 06 2002 15:26 EST
- in response to Nate Borg
SAML seems like a good specification at first read. It's a needed specification. Of course, the spec won't mean much to the average IT guy at an enterprise until applications start showing up that implement SAML methods.
I updated my IBM developerWorks article on using Web Services and XML-RPC to do single-sign-on to reference the Server Side article and the Oasis SAML spec. The article is at: http://www-106.ibm.com/developerworks/webservices/library/ws-single/
-Frank Cohen, www.PushToTest.com
-
'Securing Web Services with Single Sign-On ' Posted on TSS
- Posted by: David L. Wasler
- Posted on: March 07 2002 13:45 EST
- in response to Frank Cohen
Hi:
The article is a great start for me trying to improve my web services security.
Question: Can you provide information on how to apply your article to WebLogic 6.2 or beta 7.0?
Thank You
David L. Wasler -
'Securing Web Services with Single Sign-On ' Posted on TSS
- Posted by: Zdenek Svoboda
- Posted on: March 07 2002 16:01 EST
- in response to David L. Wasler
David,
The SSO service is an ordinary SOAP web service that can be deployed to any application server that the specific SOAP stack supports. In the case of WASP Card, it runs on WASP Server that supports all leading J2EE application servers including WebLogic. If you're interested in the exact steps to port WASP Card to WebLogic, please send us an e-mail to tutorial at systinet dot com.
Hope this is helpful
ZD -
SSO for web service using Tomcat
- Posted by: Nguyen Manh Tuong
- Posted on: November 28 2005 01:44 EST
- in response to Zdenek Svoboda
Dear all,
I need to implement SSO for a web services-based application.
I followed this guide, but some links don't work.
Could you re-update the SSO solution for Web services using any Web server such as Systinet, Tomcat, etc.?
I am looking forward to hearing from you soon.
Wall -
'Securing Web Services with Single Sign-On ' Posted on TSS
- Posted by: Jon Tirsen
- Posted on: March 08 2002 03:01 EST
- in response to David L. Wasler
When implementing a similar single-sign-on on Weblogic Server 6.1 we did the following in a project:
- Deployed the Authentication-service on a separate instance.
- Wrote a ServletFilter which handled the authentication of the Client. The filter was deployed in a .war file to filter all requests to protected resources.
- Wrote a custom security-realm to handle the authorization. The "username"-field was used to pass the authorization-token to the security-realm. Not the best design but it worked. I guess this could have been cleaner if we used JAAS instead. -
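The filter step from the post above, as an added example that is not code from the poster's project or from the article: a servlet filter that takes the token from the request, asks the authentication service to validate it, and fails closed. The `SsoClient` interface, the `X-SSO-Token` header and the `ssoClient` context attribute are assumptions made for illustration.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical client for the separately deployed authentication service. */
interface SsoClient {
    /** Returns the user name bound to the token, or null if the service rejects it. */
    String validate(String token) throws IOException;
}

public class SsoTokenFilter implements Filter {
    static final String TOKEN_HEADER = "X-SSO-Token"; // assumed header name
    private SsoClient sso;

    public void init(FilterConfig cfg) throws ServletException {
        // Assumption: deployment code stored an SsoClient in the servlet context.
        sso = (SsoClient) cfg.getServletContext().getAttribute("ssoClient");
        if (sso == null) throw new ServletException("ssoClient not configured");
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String token = req.getHeader(TOKEN_HEADER);
        String user;
        try {
            user = (token == null || token.isEmpty()) ? null : sso.validate(token);
        } catch (IOException e) {
            // Fail closed: an unreachable SSO service must not let requests through.
            res.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }
        if (user == null) { // missing, unknown or expired token
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        final String name = user;
        // Expose the validated identity as the request principal instead of
        // passing the raw token downstream in a user-name field.
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public String getRemoteUser() { return name; }
            @Override public Principal getUserPrincipal() { return () -> name; }
        }, res);
    }

    public void destroy() { }
}
```

Map the filter to the protected URL patterns in the web application's `web.xml` so that every request to a protected resource passes through it.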
'Securing Web Services with Single Sign-On ' Posted on TSS
- Posted by: Guillaume Compagnon
- Posted on: April 02 2002 07:59 EST
- in response to Nate Borg
The spec on the OASIS web site, http://www.oasis-open.org/committees/security/, is at the 1.0 "committee draft review" version.
But what about products implementing this spec?
Do you have any feedback on the Netegrity JSAML toolkit or Systinet WASP Server Advanced and WASP Card?
And people who have implemented the SSO solution themselves... have you tried to follow the SAML standard?
Regards. -
'Securing Web Services with Single Sign-On ' Posted on TSS
- Posted by: Janet Carmichael
- Posted on: April 07 2002 03:05 EDT
- in response to Nate Borg
I was following the tutorial from Systinet at:
https://www.theserverside.com/resources/article.jsp?l=Systinet-web-services-part-1
I downloaded and installed wasp_advanced_3.0.3final.zip and the required Wasp_Demo folder mentioned in the article.
However, I could not locate the "server.bat" file in C:/wasp_advanced/bin.
I was wondering if the version has changed since the tutorial was written.
Thanks,
Janet
RavenTech