Build and Implement A Single Sign-On Solution
By Chris Dunne
2004-01-28
Reader Rating: 
SSO open source projects
As I mentioned in the introduction, I am currently building a Web portal for an educational institution. This portal will provide an online learning environment for students enrolled in distance-education courses.
The building blocks of the portal are already in place. The site exists, course content has been developed, a virtual learning environment is in place, and productivity applications (such as diaries, calendars, email, and notebooks) have been built or acquired. All of these components are already in use by full-time students and each application runs on its own server.
The client now wants to enable remote access to these applications through a Web browser, so a portal is being built to provide a single point of entry to the applications and it is intended to provide users with single sign-on. Once the user logs into the portal, his login is authenticated and then he is given access to all other authorized resources available in the portal.
I decided to search for information on how to implement a SSO scheme, looking for useful white papers, products, and open source initiatives. I used the following criteria to narrow my search:
• Java implementation. The portal application infrastructure is a Java-based one. I needed a compatible implementation based on a language we could work with.
• Easy to implement. Easy in the sense that it would not require extensive modification to the infrastructure or existing applications.
• A proven track record. It should be currently in use in large organizations as well as being actively developed.
LDAP-compatible. Our customer uses Microsoft Active Directory Server, so I needed a system that could easily authenticate a user against ADS.
• I was pleasantly surprised to find several well-established open source initiatives. (See Resources for a list.)
I began to develop a prototype using the CAS, or Central Authentication Service, system from Yale University because it fit all of my criteria. It is Java-based and the source code is available. It can be implemented in Java application environments with relative ease through the use of JSP tags and servlet filters. It is in use at Yale University, so that indicates a sufficient level of quality and testing to satisfy my criteria. It is also built in such a way that the actual authentication mechanism, whether it is a lookup of a username and password in a database or LDAP server, can be easily changed or extended.
First published by IBM developerWorks
If you found this article interesting, you may want to read these as well:
» Scheduling Recurring Tasks In Java Applications
» Eye On Performance: A Load Of Stress
» A Brief History Of Garbage Collection
|
