There are two types of web applications that can be integrated into Web SSO. They are:
Web applications without any authentication implementation
Web applications with their own authentication implementation
Web applications that do not implement any type of authentication are protected by the Policy Agent software of Access Manager, which is installed on the host web container. For more details about configuring the Policy Agent software, see Configuring Policy Agent. As Access Manager is integrated into Web SSO, you do not have to modify the web application.
The Web SSO implementation is based on cookies and HTTP filters for redirection. To integrate a web application into Web SSO, add a filter that redirects the user to the core Web SSO application when the user is not logged in. The core Web SSO application has to be extended with an authentication module. The authentication module extends the AuthModule abstract class and provides the login and logout functionality.
The Web SSO filter is attached to a web application that is part of Web SSO. The filter intercepts all HTTP requests. When it recognizes an unauthenticated HTTP request, the filter redirects the user to the Web SSO core application. When an HTTP request belongs to an authenticated user, the filter does nothing. For filter API details, see package javax.servlet. Also see the source code, for example, src/websso/filter/.
For more information, see Java Platform Enterprise Edition, v 5.0 API Specifications.
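The filter behaviour described above, as an added example that is not the product's own filter source: a javax.servlet filter that passes requests carrying the SSO cookie and redirects all others to the core application. The package and class names, the init parameters ssoCookieName and ssoCoreUrl, and the goto query parameter are assumptions.

```java
package example.websso; // hypothetical package, not part of the product source

import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.*;
import javax.servlet.http.*;

/** Illustrative redirect filter; cookie name and init parameters are assumptions. */
public class SsoRedirectFilter implements Filter {
    private String ssoCookie; // name of the cookie stored in the browser after login
    private String coreUrl;   // absolute URL of the Web SSO core application

    public void init(FilterConfig cfg) throws ServletException {
        ssoCookie = cfg.getInitParameter("ssoCookieName");
        coreUrl = cfg.getInitParameter("ssoCoreUrl");
        if (ssoCookie == null || coreUrl == null) {
            throw new ServletException("ssoCookieName and ssoCoreUrl must be configured");
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (hasSsoCookie(request)) {
            chain.doFilter(req, res); // authenticated: the filter does nothing
            return;
        }
        // Unauthenticated: redirect to the core. Only the local path is sent as the
        // return target; the core should still accept only local paths here.
        String target = request.getRequestURI();
        if (request.getQueryString() != null) target += "?" + request.getQueryString();
        response.sendRedirect(coreUrl + "?goto=" + URLEncoder.encode(target, "UTF-8"));
    }

    // Presence check only: the cookie value must still be validated server-side
    // (by the protected application or the core) before the session is trusted.
    private boolean hasSsoCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies(); // null when the browser sent none
        if (cookies == null) return false;
        for (Cookie c : cookies) {
            if (ssoCookie.equals(c.getName()) && c.getValue().length() > 0) return true;
        }
        return false;
    }

    public void destroy() { }
}
```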
For every web application that needs to be integrated with Web SSO, you have to implement a new authentication module. You also have to modify the Web SSO core, that is, add and embed the new authentication module into its code.
The authentication module should extend the com.sun.otp.websso.AuthModule abstract class, as the following listing illustrates:
```java
package com.sun.otp.websso.xxx;

import com.sun.otp.websso.AuthModule;
import com.sun.otp.websso.SunClusterUtils;
import com.sun.otp.websso.Util;
import com.sun.otp.websso.configuration.ConfigItem;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;

/**
 * Authentication module for XXX application.
 */
public class SpsAuth extends AuthModule {

    private static final String XXX_COOKIE = "XXXCookie";

    /**
     * Creates new instance of authentication module for N1 SPS.
     * @param config configuration information for this module
     * @param context servlet context
     */
    public SpsAuth(ConfigItem config, ServletContext context) {
        super(config, context);
        log("XXX: " + protocol + ", " + server + ", " + port);
    }

    /**
     * Performs login into XXX application.
     * @param username user's name
     * @param password user's password
     * @return array of cookies obtained from Lockhart that should be stored in user's browser
     */
    public Cookie[] login(String username, String password) throws Exception {
        // connect to XXX application, provide credentials, and return cookies
        throw new UnsupportedOperationException("login is not implemented yet");
    }

    /**
     * Performs logout from XXX application.
     * @return array of cookies that should be updated (deleted) in user's browser
     */
    public Cookie[] logout() throws Exception {
        // connect to XXX application, do logout, and return cookies that should be updated/deleted
        throw new UnsupportedOperationException("logout is not implemented yet");
    }
}
```