Skip to main content

How to Integrate Applications With OpenSSO

Posted by marinasum on August 27, 2008 at 9:41 AM PDT

A new SDN article, Integrating Applications With OpenSSO, starts by describing the architecture of OpenSSO's secure login process, followed by the four ways in which to manage applications' Web access. The four ways are the Policy Agent, a reverse proxy, the client SDK, and identity services. Even though identity services require extra programming, you save cycles since no other components (Policy Agent and so forth) are involved.

The article then explains the three basic tasks required for setting up authentication with identity services. A demo of the steps follows, complete with code segments in a Ruby on Rails sample application.

Related Topics >>


Hi Aravindan and Marina, Thanks for responding to me. The organization disallow Policy Agents to be installed in Application Servers that host the EAR applications. My EAR application delegates user authentication is a custom JAAS Login Module. With this constraint, what options do I have? Cheers, Gary

Hi Gary, If the access from Reverse Proxy to the Application Server (JBoss) is via http or https they can install OpenSSO's JBoss JavaEE Policy agent. URL: The JavaEE Policy Agent can pickup the token and set the Principal in the Subject. Aravindan.

Hi, Gary, I've forwarded your question to a couple of technical experts on the OpenSSO team at Sun. Someone will post a response soon, I hope. Thanks for the kudos for the article. It always makes my day to hear that these publications are of interest to readers. Marina

Hi Marina, I read the article with great interest. The article contains concise and straight to the point on integrating applications with OpenSSO. I am setting up such a SSO environment with OpenSSO using Reverse Proxy. That is I have OpenSSO Policy Agent installed in the Reverse Proxy. Now I have a EAR application that is deployed in an Application Server (JBoss) behind the Reverse Proxy. Now the Reverse Proxy is going to grant access to this EAR application and send the token and other session information to it. The question is what do I need to do to the EAR application to accept and recognize the token sent from the Reverse Proxy? I have searched the documentation and the Internet for such information but could not find any. It would be great if your could help me with this. Thanks. Rgds, Gary