/ Integration Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Security Patterns: Single Sign On across Web Applications and Web Services

DZone's Guide to

Security Patterns: Single Sign On across Web Applications and Web Services

by
·
Sep. 11, 12 · Integration Zone ·
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

WSO2 is the only open source vendor to be named a leader in The Forrester Wave™: API Management Solutions, Q4 2018 Report. Download the report now or try out our product for free.

The requirement is to have single sign-on across different web applications; once the user is authenticated he should be able to access all the web applications with no further authentication (by himself). Also, the web applications need to access a set of back-end services with the logged-in user's access rights and the back-end services will authorize the user (end user) based on different claims, like role.


 1. User hits the link to the WebApp.

 
2. WebApp finds out user is not authenticated and redirects to the SAML2 IdP.

 
3. SAML2 Idp checks whether the user has an authenticated session - if not will prompt for credentials, once authenticated there ,user will be redirected back to WebApp with a SAML token, with the set of claims requested by the WebApp.

 
4. Now, the WebApp needs to access a back-end web service with the logged in user's access rights. WebApp passes the SAML token to the PEP based on WS-Trust and authenticates it self [WebApp] to the PEP via trusted-sub-system pattern.

 
5. PEP will call XACML PDP to authorize the user, based on the claims provided in the SAML token.

 
6. XACML PDP returns back the decision to the PEP.

 
7. If it's a 'Permit' - PEP will let the user access the back-end web service.

Read the WSO2 Methodology for Agility to see how you can transform your integration projects from semi-agile to a scalable continuous agile approach.

Like This Article? Read More From DZone

Enhancing a Kotlin Chart With Advanced Charting Kit (Part 1)
Using the Galen Framework for Automated Cross-Browser Layout Testing
Skills Needed For Data Scientist and Data Analyst [Video]

Free DZone Refcard

Foundations of RESTful Architecture
DOWNLOAD
Topics:

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

Integration Partner Resources

Building an API Strategy Using an Enterprise API Marketplace
How to Transform Your Business in the Digital Age [Whitepaper]
The Definitive Guide to API Integrations: Explore API Integrations Below the Surface [eBook]
Buyer's Guide to Application and Data Integration
The State of API Integration 2018 [Report]
8 Reasons Why Your Legacy Data Integration Plan Must Change
Keep Calm and Authenticate: Why Adaptive is the Next Big Thing
Managing Business Processes in Your Enterprise
The State of API Integration 2019 [Survey]
Guide to Microsoft Azure Integration

Integration Partner Resources

Building an API Strategy Using an Enterprise API Marketplace
How to Transform Your Business in the Digital Age [Whitepaper]
The Definitive Guide to API Integrations: Explore API Integrations Below the Surface [eBook]
Buyer's Guide to Application and Data Integration

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone