How to Enable Single Sign On

by Ombretta Malinverno
Published on Jan 13, 2014
Applies to: 7.2 or higher
Introduction

"Single sign-on (SSO) is a property of access control of multiple related, but independent, software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them." (source: Wikipedia, http://en.wikipedia.org/wiki/Single_sign-on)

WebRatio allows you to enable the single sign-on feature in a Web Application. This is possible thanks to a Java class named Credential Service. This class allows the user to log in to the Web Application automatically and to access protected modules directly.

There is no explicit log in since the user credentials are retrieved from an access management system such as SiteMinder, Oracle Single Sign On, or LDAP. WebRatio provides a standard Credential Service for each of the above-mentioned access management systems. 

By default a Web Application generated with WebRatio uses an explicit login form. To bypass this system you need to apply a configuration to the Web Project by taking these steps:

  1. Open the RTXConfig.properties file present in the WEB-INF/conf folder of your deploy directory.
  2. Copy RTXConfig.properties to the WebContent/WEB-INF/conf directory of your Web Project to ensure that the next project generation uses the new configuration.
  3. Add the following property at the end of the file:
    credentialsService=mypackage.CredentialService
  4. Save the file.
  5. Generate the project.

SiteMinder

SiteMinder is a centralized Internet access control system that enables user authentication and single sign-on, policy-based authorization, identity federation, and auditing of access to Web Applications and portals (http://www.ca.com/us/secure-sso.aspx).

The steps to apply the configuration are the same as described previously, but the property at the end of RTXConfig.properties is: 

credentialsService=com.webratio.credentialservice.SiteMinderCredentialsService

Oracle Single Sign On

Oracle Single Sign On is a way of single password management for Oracle database, Oracle applications, external applications, and operating systems logins (http://www.oracle.com/technetwork/middleware/id-mgmt/overview/index.html).

The steps to apply the configuration are the same as described previously, but the property at the end of RTXConfig.properties is:

credentialsService=com.webratio.credentialservice.OSSOCredentialsService

LDAP or Active Directory

It is possible to integrate an application developed with WebRatio with a login mechanism based on LDAP or Active Directory. LDAP is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network (source: Wikipedia, http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol). You will need to use the Waffle library, which goes through the Directory Service before the user logs in.

WAFFLE is a native Windows Authentication Framework consisting of two C# and Java libraries that perform functions related to Windows authentication, supporting Negotiate, NTLM, and Kerberos. 

Steps to use this library:

  1. Package waffle-jna.jar, commons-logging-1.1.1.jar, jna.jar and platform.jar in the application's lib directory or copy them to Tomcat's lib (http://dblock.github.io/waffle/).
  2. Copy the web.xml file present in the WEB-INF/conf folder of your deploy directory to the WebContent/WEB-INF/conf directory of your Web Project and add the following code after the listener code:
    <filter>
        <filter-name>SecurityFilter</filter-name>
        <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SecurityFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

The steps to apply the configuration are the same as described previously, but the property at the end of RTXConfig.properties is: 

credentialsService=com.webratio.credentialservice.LDAPCredentialsService
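
An added example, not part of the original article and not WebRatio's own code: a pre-deployment check that reads the two files edited in the steps above (RTXConfig.properties and web.xml) and reports a missing or duplicated credentialsService property, or LDAPCredentialsService configured without NegotiateSecurityFilter mapped to /*. The function names and sample file contents are assumptions constructed for illustration, and the properties reader handles plain key=value lines only.

```python
import xml.etree.ElementTree as ET

LDAP_SERVICE = "com.webratio.credentialservice.LDAPCredentialsService"  # named on the page
WAFFLE_FILTER = "waffle.servlet.NegotiateSecurityFilter"                # named on the page

def load_properties(text):
    """Minimal key=value reader; as in java.util.Properties, a later duplicate key wins."""
    props, duplicates = {}, set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in props:
            duplicates.add(key)
        props[key] = value
    return props, duplicates

def filter_patterns(web_xml, filter_class):
    """Return every url-pattern mapped to a filter of the given class, ignoring XML namespaces."""
    def kids(el, name):  # text of direct children with this namespace-free tag name
        return [(c.text or "").strip() for c in el if c.tag.rsplit("}", 1)[-1] == name]
    root = ET.fromstring(web_xml)
    names = {n for f in root if filter_class in kids(f, "filter-class")
             for n in kids(f, "filter-name")}
    return [p for m in root if names & set(kids(m, "filter-name"))
            for p in kids(m, "url-pattern")]

def check_sso(props_text, web_xml):
    """Return a list of findings; an empty list means the two files are consistent."""
    props, duplicates = load_properties(props_text)
    service = props.get("credentialsService")
    findings = []
    if service is None:
        findings.append("credentialsService is not set: the explicit login form stays in use")
    if "credentialsService" in duplicates:
        findings.append("credentialsService set more than once; effective value: " + service)
    patterns = filter_patterns(web_xml, WAFFLE_FILTER)
    if service == LDAP_SERVICE and "/*" not in patterns:
        findings.append(f"LDAPCredentialsService set but NegotiateSecurityFilter maps {patterns}, not /*")
    return findings

# Constructed sample input (not from a real deployment): duplicate key, filter mapped too narrowly.
SAMPLE_PROPS = "credentialsService=mypackage.CredentialService\ncredentialsService=" + LDAP_SERVICE + "\n"
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <filter><filter-name>SecurityFilter</filter-name>
    <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class></filter>
  <filter-mapping><filter-name>SecurityFilter</filter-name>
    <url-pattern>/secure/*</url-pattern></filter-mapping></web-app>"""
```

Calling check_sso(SAMPLE_PROPS, SAMPLE_WEB_XML) returns two findings for the constructed sample; pass the text of the generated WEB-INF/conf files to check a real build.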

Other Single Sign On systems

Do you want to use a different access management system? Then you need to create your own credential service. These are the steps you need to follow:

  1. Add the Java Project: Select File -> New -> Java Project from the main menu. Type a name for the project and click on the Finish button.
  2. Create a package inside the new Java Project giving it a name of your choice.
  3. Add the Class: Select File -> New -> Class from the main menu to add the CredentialService.java class to the package; enter the name of the class that you want to add and set “Interfaces” to RTXCredentialsService.

The WebRatio standard installation includes the RTXCredentialService.java interface, which has to be implemented by the CredentialService.java class in order to realize single sign-on using an access management system. The code contained in this class depends on the access management system used, and it has to retrieve the user credential information.

  4. Implement the getCredentialService method to retrieve the credentials and perform the login.