Monday Aug 04, 2008

Securing Applications With Identity Services, Part 4: Single Sign-On and Logout

The Identity Services section in Part 1 of this series lists the Representational State Transfer (REST) operations that are supported by OpenSSO, Sun's open Web access management project. OpenSSO is based on the code base of Sun Java System Access Manager, a core identity-infrastructure software product. Part 4 shows you how to achieve single sign-on (SSO) and logout with REST. Although the procedures in this part start with authentication as a key step, the emphasis is on SSO and logout.

Note: In typical deployments, authentication is performed by a centralized server that can be distributed across multiple machines. All applications then rely on that server for authentication and log in users with SSO. A centralized server also isolates the applications from authentication mechanisms, which range from the simple user-name/password credential scheme to complex approaches, such as multifactor authentication and federation.

Before proceeding, do read the first three parts of this series for the background on identity services and other related details:

As in Parts 1 through 3, we assume that you are familiar with the NetBeans IDE and that you have installed the latest build of OpenSSO. Afterwards, configure OpenSSO on the application server in which you will deploy the application. Feel free to deploy on another application server on another machine.

Coming Attractions
Subsequent parts of this series will show you how to audit, create, and update identity services. Stay tuned!