Single Sign On (SSO) is a specialized form of user authentication that enables a user to be authenticated once, and gain access to resources on multiple systems/web applications during that session.
The benefits of using Single Sign On across your federation of web applications consist of:
- Helps consolidate silos of identity stores that have cropped up over time with multiple web applications.
- Improves user account provisioning process dramatically.
- Provides a better end user experience using web SSO.
- Improves efficiency when integrating user access to new applications including 3rd party ASP services like SalesForce.com.
- Enables secure intra-company access to applications between enterprises and their partners, suppliers, and customer organizations.
Feature Summary:
- End-to-End secure cross domain/cross organization Single Sign On/Single Sign Out using industry standards like SAML
- A more practical de-centralized approach to SSO as compared to the more limiting hub and spoke architecture.
- Pluggable Identity Connector Framework to connect to custom identity storage systems (JDBC databases, etc.). Includes a standard LDAP-based Identity Connector. Successfully tested with Red Hat Directory Server, OpenLDAP, and OpenDS.
- A clean separation between framework and application authentication. Supports both the standard JAAS-based authentication mechanism and custom authentication mechanisms (Struts actions, Servlet Filters, JSF Actions, plain Servlets, etc.).
- Seamless integration with JBoss Portal. Integration with the JBoss SEAM Framework is a work in progress.
Components:
The JBoss SSO Framework is a collection of components that software developers can easily integrate within their existing web applications to create a federation of trusted web sites. The framework has support for important SSO standards such as SAML. The system consists of the following components:
- Federation Server - A Federation Server is used for securely propagating the Federation Token across web applications located in different security domains
- Token Marshalling Framework - This is a flexible/pluggable Java API to marshal/unmarshal a Federation Token. The system ships with a SAML-compliant Marshaller
- Identity Connector Framework - This is a flexible/pluggable Java API to connect to central identity stores. The system ships with a Provider to connect to LDAP based Identity Stores
News
- JBoss Federated SSO CR1 Released.