Single Sign On - JSP

No chapter on security would be complete without a mention of single sign on. Just consider for a moment how many different usernames and passwords that you have for different Web sites that you visit. How do you remember them all? Do you use the same one everywhere (a very unsafe practice)? The idea of single sign on goes some way to reduce some of this hassle.

Imagine if you could manage your user information in one place, have one username and password, and have various sites of your choice use that sign-on information to provide you access to their resources.This could also be applied to technologies such as Web services, where applications can also have a single sign on that can then be used to authenticate them with various Web services.

You may well have come across Microsoft Passport , which provides a single sign on for various Microsoft offerings. There is also the Liberty Alliance which is looking at developing an open standard that can also be used for single sign on.

Liberty Alliance is an organization made up of companies such as Sun, HP, Sony, AOL, and Nokia.There were around 40 sponsoring companies as of May 2002. A further development along this line is that of Security Assertions Markup Language (SAML). SAML is an XML markup that can be used for passing sign-on information between different domains. More information can be found at One product that uses SAML is SiteMinder 5 from Netegrity.This product does the authentication of users for you. For more information on this product, visit a href This discussion has so far been fairly high level.What can you do with what is currently available? In short, not a lot! Although you can have single sign on within a J2EE application as you have seen in the sense of a Web application login being passed to an EJB container, it is still not easily possible to propagate this to disparate J2EE applications.


All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status

JSP Topics