3 Replies Latest reply on Jun 15, 2009 1:39 AM by anil.saldhana

    Federated SSO for web services

      Hi,
      We are in the process of implementing federated SSO for non-web-based applications (web services). We have some web services from different enterprises, and once it is authenticated by one web service in one enterprise, it should be able to access web services that exist in different enterprises and should access the web services based on their authorization level.

      So, I was wondering whether JBoss Federated identity/SSO can support the following things:
      1) I wanted to deploy the application on FreeBSD. Does it support FreeBSD?
      2) Can I use single sign-on, federated SSO and SAML authorization for web services?
      3) Assuming that it only has support for federated SSO, can I extend the JBoss federated API to perform or get authorization and assertion attributes from SAML to access the web services?

      Please can you point me to either documents or a prototype which will give me in-depth knowledge of JBoss capabilities in federation?

      Thanks in advance.

      Thanks,
      Ram

        • 2. Re: Federated SSO for web services

          Thanks, Anil, for the quick response.
          I looked into your blog and other resources, but I could not find details such as the web services participating in the federation and exchanging the authentication and authorization attributes.

          I am looking for open source initiatives and tried Shibboleth but its Service Provider does not have support for FreeBSD.

          We are in a decision-making situation about which federation server to choose.

          1) If you can answer my previous questions, that would be great. I know JBoss app server is compatible with FreeBSD and am just wondering about federated SSO.

          2) The next thing is the federated SSO support for web services. All the documentation talks about web-based federation, but I did not get the information on support for web services.

          3) I looked into one of your posts (http://www.jboss.org/community/wiki/SAMLv2andXACMLv2Integration), which talks about the integration of SAML2 with XACML in JBoss, and wanted to know more about whether we can extend that feature for web services federation with authorization.

          FYI: My brief requirement is this: a web service WS1, which exists in enterprise E1, authenticates a user U1 with role R1 and tries to access WS2 from enterprise E2 (both participate in the federation), and the same user U1 will have a different role R2 in enterprise E2. So my service provider at E2 should get the authorization attributes from Identity Provider 2 / the federation server. Hope you got my concern.

          Thanks in advance.

          Thanks,
          Ram

          • 3. Re: Federated SSO for web services
            anil.saldhana

            What you really need is a federation gateway or such that can negotiate identity (plus attributes) across trust domains.

            Our WS-T STS implementation is mainly for that - issuing SAML assertions (that can of course include attributes). Now it is up to E2 to decide what roles the incoming user has.

            If FreeBSD has a Java VM (it should), then any of the Java solutions should work.
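
Added example, not part of the original thread and not JBoss code: a sketch of the decision the last reply leaves to E2, where WS2 takes a SAML 2.0 assertion issued by E1's STS and derives U1's local role from it. It assumes the assertion's XML signature has already been verified by the WS-Security layer; the issuer URL, audience URI, attribute name `role` and the R1-to-R2 map are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed E2 policy: trusted issuer -> {role asserted by issuer: local E2 role}
E2_ROLE_MAP = {"https://sts.e1.example": {"R1": "R2"}}
E2_AUDIENCE = "https://ws2.e2.example"  # constructed identifier for WS2

# Constructed sample assertion, as E1's STS might issue it for user U1
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2009-06-15T01:00:00Z">
  <saml:Issuer>https://sts.e1.example</saml:Issuer>
  <saml:Subject><saml:NameID>U1</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2009-06-15T01:00:00Z" NotOnOrAfter="2009-06-15T01:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://ws2.e2.example</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>R1</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # Malformed or missing timestamps raise ValueError, which rejects the assertion
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def local_roles(assertion_xml, now):
    """Return (subject, E2 roles) for a signature-verified assertion; ValueError if a check fails."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    mapping = E2_ROLE_MAP.get(issuer)
    if mapping is None:
        raise ValueError("issuer is not a trusted federation partner")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions")
    if not _ts(cond.get("NotBefore", "")) <= now < _ts(cond.get("NotOnOrAfter", "")):
        raise ValueError("assertion is outside its validity window")
    audiences = {(a.text or "").strip()
                 for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)}
    if E2_AUDIENCE not in audiences:
        raise ValueError("assertion was not issued for this service")
    subject = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    asserted = {(v.text or "").strip() for v in root.iterfind(
        "saml:AttributeStatement/saml:Attribute[@Name='role']/saml:AttributeValue", NS)}
    # Roles from E1 are never used directly: unmapped ones grant nothing in E2
    return subject, sorted(mapping[r] for r in asserted if r in mapping)
```

The role map is keyed by issuer, so a role name that means something in E1 carries no weight when it arrives from any other partner.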