Simplify enterprise Java authentication with single sign-on

Does your enterprise run many coexisting Java applications, each requiring authentication in order to access enterprise resources? If so, you’ll probably want to implement single sign-on (SSO) security functionality to make authentication less intrusive for your users. In this article, you’ll learn how to implement SSO using Kerberos and the Java Generic Security Services API (GSS-API). First we’ll cover what SSO means and illustrate its potential applications. Then we’ll explore the sequence of message exchanges that occurs to implement Kerberos-based SSO. Next, we’ll briefly introduce the Java GSS-API and the architecture of a typical Java application that accomplishes SSO using GSS. Finally, we’ll put the pieces together and provide working code examples to demonstrate how Java developers can implement SSO with GSS Kerberos tickets.

What is single sign-on?

Fundamentally, single sign-on authentication means the sharing of authentication data. For instance, many employees of a warehousing company might need to access enterprise resources (database tables, for example) in order to fulfill their job requirements, with different employees needing different resources depending on their job function. An accounts manager may need to access only the accounts-related database tables, while a sales manager may need to access sales-related database tables. In contrast, the CEO of the company may need to access any table in the enterprise’s database.

Obviously, this enterprise needs an authentication mechanism in place that can determine which employee is trying to access a particular resource. Once the enterprise authentication module knows the identity of the employee, an authorization module within the enterprise implementation can check whether the authenticated user has the necessary privileges to access the resource.“>More Here



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: