« What's Going On with... | Main | Hot Off Two Presses:... »
Thursday Aug 14, 2008

Supported Security Tokens and Mr. Rock & Roll

The OpenSSO Security Token Service was developed from the WS-Trust protocol which defines extensions to the WS-Security specification for issuing and exchanging security tokens and establishing and accessing the presence of trust relationships. The Security Token Service is hosted as a servlet endpoint and coordinates security based interactions between a WSC and a WSP. The Security Token Service:

  • Issues, renews, cancels, and validates security tokens.
  • Allows customers to write their own plug-ins for different token implementations and for different token validations.
  • Provides a WS-Trust based API for client and application access.
  • Provides security tokens including Kerberos, Web Services-Interoperability Basic Service Profile (WS-I BSP), and Resource Access Control Facility (RACF).

Here is some information on supported security tokens in OpenSSO.

Security Token Service Supported Tokens

Tokens that can be authenticated:

  • UserName
  • X509
  • SAML 1.1
  • SAML 2.0
  • Kerberos

Tokens that can be issued:

  • UserName
  • X509
  • SAML 1.1
  • SAML 2.0

End user tokens that can be converted or validated out of the box:

  • OpenSSO SSOToken to SAML 1.1 or SAML 2.0 token
  • SAML 1.1 or SAML 2.0 token to OpenSSO SSOToken

Additionally, end user tokens can be converted or validated after customization. In this case, the new token is an On Behalf Of token (based on the WS-Trust protocol element) carried in the WS-Trust request as part of the SOAP body and not as an authentication token carried as part of the SOAP header. Custom tokens can also be created and sent On Behalf Of an end user token for conversion or validation by Security Token Service. To do this, implement the com.sun.identity.wss.sts.ClientUserToken interface and put the implemented class name in AMConfig.properties on the client side and the global Security Token Service configuration using the OpenSSO console.

Web Services Security Framework Supported Tokens

Tokens that can be authenticated:

  • UserName
  • X509
  • SAML 1.1
  • SAML 2.0
  • Kerberos

Tokens that can be issued:

  • UserName (generated via STS or locally at WSC)
  • X509 (generated via the Security Token Service or locally at the WSC)
  • SAML 1.1 (generated via the Security Token Service or locally at the WSC)
  • SAML 2.0 (generated via the Security Token Service or locally at the WSC)
  • Kerberos (generated locally at the WSC)

After learning something new, now enjoy some music from Amy MacDonald. This is Mr. Rock & Roll.

Posted at 12:00AM Aug 14, 2008 by Michael Teger in Sun  |  Comments[0]

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed