Sun OpenSSO Enterprise 8.0 Developer's Guide
Book Information
Index
Preface
Chapter 1 Using the Authentication Service API and SPI
Initiating Authentication with the Authentication Service API
Writing Authentication Modules with the Authentication Service SPI
Creating an Authentication Module Callback Requirement File
Writing a Principal Class for the Authentication Module
Creating an Authentication Module Service File
Creating an Authentication Module Localization Properties File
Extending the AMLoginModule Class
Implementing the init() Method
Implementing the process() Method
Implementing the getPrincipal() Method
Adding Authentication Post Processing Features
Communicating Authentication Data as XML
XML Messages and remote-auth.dtd
Authentication Request Message from Application
Response Message from OpenSSO Enterprise with Session Identifier and Callbacks
Response Message from Application with User Credentials
Authentication Status Message from OpenSSO Enterprise With Session Token
XML/HTTP(s) Interface for Other Applications
Customizing Plug-Ins for the Password Reset User Interface
Chapter 2 Using the Policy Service API
About the Policy Service Interfaces
com.sun.identity.policy
Policy Management Classes
PolicyManager
Policy
Policy Evaluation Classes
PolicyEvaluator
ProxyPolicyEvaluator
PolicyEvent
com.sun.identity.policy.client
com.sun.identity.policy.interfaces
Policy Service Provider Interfaces and Plug-Ins
com.sun.identity.policy.jaas
ISPermission
ISPolicy
Enabling Authorization Using the Java Authentication and Authorization Service (JAAS)
Using the Policy Evaluation API
To Develop a Custom Policy Plug-In
Sample Code for Custom Subjects, Conditions, Referrals, and Response Providers
SampleSubject.java
SampleCondition.java
SampleReferral.java
SampleResponseProvider.java
Chapter 3 Using the Session Service API
A Simple Single Sign-On Scenario
Inside a User Session
Session Attributes
Protected Properties
About the Session Service Interfaces
SSOTokenManager
SSOToken
SSOTokenListener
Chapter 4 Running OpenSSO Enterprise in Debugging Mode
To Run OpenSSO Enterprise in Debugging Mode
To Merge Debugging Output into One File
Chapter 5 Understanding the Federation Options
Understanding Federation
Understanding Federated Single Sign-on
Federated Single Sign-on Using OpenSSO Enterprise
Executing a Multi-Protocol Hub
Chapter 6 Implementing the Liberty Alliance Project Identity-Federation Framework
Customizing the Federation Graphical User Interface
Using the Liberty ID-FF Packages
com.sun.identity.federation.accountmgmt
com.sun.identity.federation.common
com.sun.identity.federation.message
com.sun.identity.federation.message.common
com.sun.identity.federation.plugins
com.sun.identity.federation.services
com.sun.liberty
Accessing Liberty ID-FF Endpoints
Executing the Liberty ID-FF Sample
Chapter 7 Implementing WS-Federation
Accessing the WS-Federation Java Server Pages
Using the WS-Federation Packages
com.sun.identity.wsfederation.plugins
com.sun.identity.wsfederation.common
Executing the Multi-Protocol Hub Sample
Chapter 8 Constructing SAML Messages
SAML v2
Using the SAML v2 SDK
Exploring the SAML v2 Packages
com.sun.identity.saml2.assertion Package
com.sun.identity.saml2.common Package
com.sun.identity.saml2.plugins Package
com.sun.identity.saml2.protocol Package
Setting a Customized Class
Service Provider Interfaces
Account Mappers
IDPAccountMapper
SPAccountMapper
Attribute Mappers
IDPAttributeMapper
SPAttributeMapper
Authentication Context Mappers
IDPAuthnContextMapper
SPAuthnContextMapper
Assertion Query/Request Mappers
Attribute Authority Mappers
Service Provider Adapter
JavaServer Pages
Default Display Page
Export Metadata Page
Fedlet Pages
Assertion Consumer Page
Single Sign-on Pages
idpSSOFederate.jsp
idpSSOInit.jsp
spSSOInit.jsp
Name Identifier Pages
idpMNIPOST.jsp
idpMNIRequestInit.jsp
idpMNIRedirect.jsp
spMNIPOST.jsp
spMNIRequestInit.jsp
spMNIRedirect.jsp
Single Logout Pages
idpSingleLogoutPOST.jsp
idpSingleLogoutInit.jsp
idpSingleLogoutRedirect.jsp
spSingleLogoutPOST.jsp
spSingleLogoutInit.jsp
spSingleLogoutRedirect.jsp
SAML v2 Samples
Using SAML v2 for Virtual Federation Proxy
How Virtual Federation Proxy Works
Use Cases
Authentication at Identity Provider
Secure Attribute Exchange at Identity Provider
Secure Attribute Exchange at Service Provider
Global Single Logout
Securing Virtual Federation Proxy
Preparing to Use Virtual Federation Proxy
Configuring for Virtual Federation Proxy
Configure the Instance of OpenSSO Enterprise Local to the Identity Provider
Configure the Instance of OpenSSO Enterprise Local to the Service Provider
Configure the Instance of OpenSSO Enterprise Local to the Identity Provider for the Remote Service Provider
Configure the Instance of OpenSSO Enterprise Local to the Service Provider for the Remote Identity Provider
Using the Secure Attribute Exchange Sample
SAML v1.x
com.sun.identity.saml Package
AssertionManager Class
SAMLClient Class
com.sun.identity.saml.assertion Package
com.sun.identity.saml.common Package
com.sun.identity.saml.plugins Package
ActionMapper Interface
AttributeMapper Interface
NameIdentifierMapper Interface
PartnerAccountMapper Interface
PartnerSiteAttributeMapper Interface
com.sun.identity.saml.protocol Package
AuthenticationQuery Class
AttributeQuery Class
AuthorizationDecisionQuery Class
Chapter 9 Implementing Web Services
Developing New Web Services
To Host a Custom Service
To Invoke the Custom Service
Setting Up Liberty ID-WSF 1.1 Profiles
To Configure OpenSSO Enterprise to Use Liberty ID-WSF 1.1 Profiles
To Test the Liberty ID-WSF 1.1 Configuration
Common Application Programming Interfaces
Common Interfaces
com.sun.identity.liberty.ws.common Package
com.sun.identity.liberty.ws.interfaces Package
Common Security API
com.sun.identity.liberty.ws.security Package
com.sun.identity.liberty.ws.common.wsse Package
Authentication Web Service
Authentication Web Service Default Implementation
key Parameter
class Parameter
Authentication Web Service Packages
com.sun.identity.liberty.ws.authnsvc Package
com.sun.identity.liberty.ws.authnsvc.mechanism Package
com.sun.identity.liberty.ws.authnsvc.protocol Package
Access the Authentication Web Service
Data Services
Liberty Personal Profile Service
Data Services Template Packages
com.sun.identity.liberty.ws.dst Package
com.sun.identity.liberty.ws.dst.service Package
Discovery Service
Generating Security Tokens
To Configure the Discovery Service to Generate Security Tokens
Discovery Service Packages
Client APIs in com.sun.identity.liberty.ws.disco
com.sun.identity.liberty.ws.disco.plugins.DiscoEntryHandler Interface
com.sun.identity.liberty.ws.interfaces.Authorizer Interface
To Configure Discovery Service Policy Definitions
com.sun.identity.liberty.ws.interfaces.ResourceIDMapper Interface
Access the Discovery Service
SOAP Binding Service
SOAPReceiver Servlet
SOAP Binding Service Package
Interaction Service
Configuring the Interaction Service
Interaction Service API
PAOS Binding
Comparison of PAOS and SOAP
PAOS Binding API
Chapter 10 Using the REST Identity Interfaces
The REST URL Format
Authentication
Token Validation
Logout
Authorization
Logging
Searching Identity Types
Display Identity Data
Display Particular Identity Data
Creating Identity Types
Updating Identity Data
Deleting an Identity Profile
Chapter 11 Securing Web Services
About Web Services Security
About Web Services Security with OpenSSO Enterprise
The Security Token Service
Web Container Support
Security Tokens
Token Conversion
Configuring the Security Token Service
Security Agents
WSC Security Agents
WSP Security Agent
Supported Web Services-Interoperability Basic Security Profile Security Tokens
Supported Liberty Alliance Project Security Tokens
Testing Web Services Security
Chapter 12 Creating and Deploying OpenSSO Enterprise WAR Files
Overview of WAR Files in Java EE Software Development
Web Components
How Web Components are Packaged
Deploying the OpenSSO Enterprise WAR File
OpenSSO Enterprise Deployment Considerations
To Deploy the OpenSSO Enterprise Server WAR File:
Customizing and Redeploying opensso.war
To Customize and Redeploy opensso.war
Creating Specialized OpenSSO Enterprise WAR Files
To Create a Specialized OpenSSO Enterprise WAR File
Chapter 13 Customizing the Authentication User Interface
User Interface Files You Can Modify
Java Server Page (JSP) Files
Customizing the Login Page
Customizing JSP Templates
XML Files
Callbacks Elements
Nested Elements
Attributes
ConfirmationCallback Element
Nested Element
JavaScript Files
Cascading Style Sheets
Images
Localization Files
Customizing Branding and Functionality
To Modify Branding and Functionality
Customizing the Self-Registration Page
To Modify the Self-Registration Page
Customizing the Distributed Authentication User Server Interface
To Customize the Distributed Authentication Server User Interface
Chapter 14 Using the Client SDK
About the Client SDK
OpenSSO Enterprise Client SDK Requirements
Using the Client SDK
Using AMConfig.properties With the Client SDK
Properties in AMConfig.properties
Debug Properties
Client SDK Related Properties
Logging Property
Java™ Platform, Enterprise Edition (Java EE) Agent Property
OpenSSO Enterprise Configuration Data User Credential Properties
Cache Enable Properties
Cache Update Properties
Notification Properties
Polling Properties
TTL Properties
Naming Property
Encryption Properties
OpenSSO Enterprise Server and Console Location Properties
Cookie Property
Client Side Session Polling Properties
JSS Certificate Database Properties
Policy Logging and Caching Properties
Federation Properties
Setting Properties in AMConfig.properties
Setting Properties Using a Text Editor
Setting Properties Using the Java API
Setting Properties at Run Time
Installing the Client SDK and Running the Samples
Installing the Client SDK by Deploying the Sample WAR
To Install the Client SDK by Deploying the Sample WAR
To Run the Client SDK Web-based Samples
To Run the Client SDK Command Line Samples
Installing the Client SDK By Compiling the Samples
To Install the Client SDK by Compiling the Samples
Sending Notifications to the Client SDK Cache
To Enable Client SDK Cache Notifications
Setting Up a Client SDK Identity
To Set Username and Password Properties
To Set an SSO Token Provider
Using the Virtual Federation Proxy Client Interfaces
Chapter 15 Reading and Writing Log Records
About the Logging Service
Using the Logging Interfaces
Implementing Logging with the Logging Service API
Writing Log Records
Reading Log Records
Implementing Remote Logging
Logging to a Second OpenSSO Enterprise Server Instance
Logging to OpenSSO Enterprise Server From a Remote Client
Running the Command-Line Logging Sample (LogSample.java)
To Run the Command-Line Logging Sample
Appendix A Key Management
Public Key Infrastructure Basics
Digital Signatures
Digital Certificates
keytool Command Line Interface
Setting Up a Keystore
To Set Up a Keystore
© 2010, Oracle Corporation and/or its affiliates