JBoss SSO
JBoss SSO
Single Sign On (SSO) is a specialized form of user authentication that enables a user to be authenticated once, and gain access to resources on multiple systems/web applications during that session.
The benefits of using Single Sign On across your federation of web applications consist of:
- Helps consolidate silos of identity stores that have cropped up over time with multiple web applications.
- Improves user account provisioning process dramatically.
- Provides a better end user experience using web SSO.
- Improves efficiency when integrating user access to new applications including 3rd party ASP services like SalesForce.com.
- Enables secure intra-company access to applications between enterprises and their partners, suppliers, and customer organizations.
Feature Summary
- End-to-End secure cross domain/cross organization Single Sign On/Single Sign Out using industry standards like SAML
- A more practical de-centralized approach to SSO as compared to the more limiting hub and spoke architecture.
- Pluggable Identity Connector Framework to connect to custom Identity Storage systems like (JDBC databases etc). Includes a standard LDAP based Identity Connector. Successfully tested for Red Hat Directory Server, OpenLDAP, and OpenDS.
- A clean separation between framework and application authentication. Supports both standard JAAS based authentication mechanism as well as custom authentication mechanisms such as (Struts actions, Servlet Filters,JSF Actions, Plain Servlets etc)
- Seamless Integration with JBoss Portal. Work in progress for the JBoss SEAM Framework integration.
Components
The JBoss SSO Framework is a collection of components that software developers can easily integrate within their existing web applications to create a federation of trusted web sites. The framework has support for important SSO standards such as SAML. The system consists of the following components:
| Federation Server | A Federation Server is used for securely propagating the Federation Token across web applications located in different security domains |
| Token Marshalling Framework | This is a flexible/pluggable Java API to marshal/unmarshal a Federation Token. The system ships with a SAML-compliant Marshaller |
| Identity Connector Framework | This is a flexible/pluggable Java API to connect to central identity stores. The system ships with a Provider to connect to LDAP based Identity Stores |
The Project
- Project Lead: Sohil Shah
- Documentation: JBoss SSO Framework Wiki
- Downloads : JBoss SSO Framework Downloads
- Discussion: User Questions, Design Questions
- JIRA Project Management: Bugs/Feature Requests
News
- JBoss Federated SSO CR1 Released. Details