Summary of SSO Integration at Personal.

(Written by M. Acciardi on 2012/02)


(revised on 2013/02)
The integration consists of two or three steps (it depends on your site technology):

1) A login page or frame must be developed with these features:
   a) Information fields: MSISDN, PIN and CAPTCHA box (the CAPTCHA box is only shown to the customer at the 4th failed attempt).
   b) From this page you do a POST to this URL (THE HTTP POST MUST BE ORIGINATED IN THE CUSTOMER BROWSER):
      https://sso.personal.com.ar/openam/UI/Login with this data:
      i. IDToken1: MSISDN (customer line number)
      ii. IDToken2: Personal PIN
      iii. goto: URL to redirect to if login is successful (first page of your site)
      iv. gotoOnFail: URL to redirect to if login is unsuccessful (custom error page you develop)
      v. realm: realm created for each application, usually "/{appName}"
      vi. IDToken3: if requested, the captcha text typed by the customer
   c) At the 3rd failed attempt the SSO server returns a fail response with the parameter ShowCaptcha=true, and you must show a dynamically generated CAPTCHA from this link:
      https://sso.personal.com.ar/openam/jcaptcha.jpg
   d) At the 10th attempt the customer PIN is blocked temporarily.
   e) If login is successful, the redirection to the URL mentioned in step 1.b.iii is launched.
   f) Every validated page must show a login frame with a personalized welcome message and a logout button, e.g. "Welcome John Smith!". For this purpose you must use the HTTP header enrichment operated by the SSO agent (see step 2.e below) or the Java methods to obtain these variables (see step 3 below).
   g) When authentication succeeds, a cookie is generated on the customer browser side.

2) A software agent (Apache or Java compatible) must be installed on your web server to control each HTTP request to your site:
   a) The agent captures HTTP requests and adds attributes to the HTTP header.
      i) In Java sites you can use the sample code I send you (see step 3 below) to validate the cookie, the session and the personalization variables.
      ii) In PHP sites you must check cookie validity by posting this URL:
          https://sso.personal.com.ar/openam/identity/isTokenValid?tokenid={token saved in cookie}
          1) If the token is valid, the response is boolean=true
          2) If the token is not valid, the response is HTTP error 401
   b) The agent synchronizes session and personalization information with the SSO server using this URL:
      https://sso.personal.com.ar/openam/namingservice and keeps the customer session alive on the SSO server.
   c) The agent needs a realm and password for synchronization. Personal will provide you this information at the beginning of the integration.
   d) The agent alters the HTTP header of all requests, adding the personalization variables while the session is valid and authenticated. You can use these personalization variables for several purposes in your site, and also for the welcome message in the login/logout frame.
   e) If the session expires for inactivity, the agent can redirect the request to the login page.
NOTE: Because of troubles in some implementations we no longer use the protected or unprotected URL lists supported by the agent, so the agent is only used for header enrichment, synchronizing personalization information and validating cookies. All pages must be considered as unprotected. In every page you must validate the session and token if needed. Values in the personalization variables are included automatically by the agent in the HTTP header, or can be obtained from the agent by the Java code I attach below.
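Step 2.a.ii and the note above come down to the same per-page check: the token in the iPlanetDirectoryPro cookie must be confirmed by the SSO server before a page trusts the session or the personalization values. The following Python function is an added example (not part of this document or of Personal's deliverables) that performs that check against the isTokenValid URL from step 2.a.ii, treating the documented 401 and any body other than boolean=true as "not valid"; the sample token and the fake_sso_post stand-in are constructed so it runs offline, and the live transport posts the URL as the step says.

```python
import urllib.error
import urllib.parse
import urllib.request

SSO_BASE = "https://sso.personal.com.ar/openam"   # SSO server named in the document
COOKIE_NAME = "iPlanetDirectoryPro"               # session cookie named in step 3.c.i

# Constructed sample token for the offline demo; not a real session token.
SAMPLE_VALID_TOKEN = "AQIC5wM2EXAMPLEtokenValue+abc/xyz="

def is_token_valid_url(token):
    # The cookie value is opaque and may contain '+', '/' or '=', so it is URL-encoded.
    return SSO_BASE + "/identity/isTokenValid?" + urllib.parse.urlencode({"tokenid": token})

def http_post(url):
    """Live transport: POST the URL as step 2.a.ii says; returns (status, body).
    HTTP errors such as 401 are returned as a status, not raised."""
    req = urllib.request.Request(url, data=b"", method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

def fake_sso_post(url):
    """Constructed stand-in for the SSO server so the check can run offline."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    token = query.get("tokenid", [""])[0]
    if token == SAMPLE_VALID_TOKEN:
        return 200, "boolean=true\n"
    return 401, "boolean=false"

def validate_session(cookies, post=http_post):
    """Fail closed: True only when the server answers 200 with exactly boolean=true."""
    token = cookies.get(COOKIE_NAME, "")
    if not token:
        return False                       # no cookie at all: unauthenticated
    status, body = post(is_token_valid_url(token))
    if status != 200:                      # 401 is the documented "not valid" answer
        return False
    return body.strip() == "boolean=true"  # anything else (HTML error page, etc.) is not a yes

if __name__ == "__main__":
    print(validate_session({COOKIE_NAME: SAMPLE_VALID_TOKEN}, fake_sso_post))  # True
    print(validate_session({COOKIE_NAME: "stale-token"}, fake_sso_post))       # False
    print(validate_session({}, fake_sso_post))                                 # False
```

Only after validate_session returns True should a page read the header-enriched personalization variables; a page that skips the check is exactly the "unprotected" case the note warns about.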
3) If you are using a Java-compatible application server, you must use this procedure to check for authenticated customers:
   a) In the setup process the agent copies some libraries into the lib directory of the application server. The most important is "openssoclientsdk.jar".
   b) When the application server is started, each jar module will be loaded.
   c) To check the session token:
      i) When the user logs on (as described in step 1), a cookie "iPlanetDirectoryPro" will be created.
      ii) With this cookie value you will check its validity with the code I send you as a sample (see below).
      iii) If valid, you can obtain the personalization variables (see below).
```java
// openssoclientsdk.jar library imports
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;

// In code logic: cookieValue is the value of the "iPlanetDirectoryPro" cookie
// sent by the browser. Returns the customer line number from the personalization
// variables, or null when the cookie is invalid or the session is no longer valid.
public static String lineNumberFor(String cookieValue) {
    // Variables for token management
    SSOTokenManager manager;
    SSOToken token;
    try {
        // Obtain the manager instance and initialize the token with the cookie value.
        // If the cookie is invalid, createSSOToken throws SSOException.
        manager = SSOTokenManager.getInstance();
        token = manager.createSSOToken(cookieValue);
        // A token object can exist for a session that has since expired, so
        // confirm it is still valid before using any personalization variable.
        if (!manager.isValidToken(token)) {
            return null;
        }
        // If the cookie is valid, the personalization variables can be obtained.
        return token.getProperty("DatosLineaNroLinea");
    } catch (SSOException e) {
        // invalid cookie
        return null;
    }
}
```
