/ Integration Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Security Patterns: Single Sign On across Web Applications and Web Services

DZone's Guide to

Security Patterns: Single Sign On across Web Applications and Web Services

by
Prabath Siriwardena
·
Sep. 11, 12 · Integration Zone
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Share, secure, distribute, control, and monetize your APIs with the platform built with performance, time-to-value, and growth in mind. Free 90-day trial of 3Scale by Red Hat

The requirement is to have single sign-on across different web applications; once the user is authenticated he should be able to access all the web applications with no further authentication (by himself). Also, the web applications need to access a set of back-end services with the logged-in user's access rights and the back-end services will authorize the user (end user) based on different claims, like role.


 1. User hits the link to the WebApp.

 
2. WebApp finds out user is not authenticated and redirects to the SAML2 IdP.

 
3. SAML2 Idp checks whether the user has an authenticated session - if not will prompt for credentials, once authenticated there ,user will be redirected back to WebApp with a SAML token, with the set of claims requested by the WebApp.

 
4. Now, the WebApp needs to access a back-end web service with the logged in user's access rights. WebApp passes the SAML token to the PEP based on WS-Trust and authenticates it self [WebApp] to the PEP via trusted-sub-system pattern.

 
5. PEP will call XACML PDP to authorize the user, based on the claims provided in the SAML token.

 
6. XACML PDP returns back the decision to the PEP.

 
7. If it's a 'Permit' - PEP will let the user access the back-end web service.

Explore the core elements of owning an API strategy and best practices for effective API programs. Download the API Owner's Manual, brought to you by 3Scale by Red Hat

Like This Article? Read More From DZone

Getting Started With Google Sign-In and Spring Boot
Thoughts on Opening Up Java EE
Azure Managed VM Images: Using Premium Data Disks

Free DZone Refcard

RESTful API Lifecycle Management
DOWNLOAD
Topics:

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Prabath Siriwardena, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Integration Partner Resources

Digital transformation (DX) is continuous way for enterprises to adapt to, or cause, disruptive change using digital competencies.
API Strategy and Architecture eBook
APIs provide a new avenue for businesses to collaborate with their partners, customers, and teams in new and powerful ways.
Discover how you can achieve enterprise agility with microservices and API management
O'Reilly Microservice Architecture Book: Aligning Principles, Practices and Culture
The State of API Integration, 2017 and Beyond [Report]
Modernizing Application Architectures with Microservices and APIs
The Finance Integration Guide: 5 Things Experts Consider in Their API Strategy [eBook]

Integration Partner Resources

Digital transformation (DX) is continuous way for enterprises to adapt to, or cause, disruptive change using digital competencies.
API Strategy and Architecture eBook
APIs provide a new avenue for businesses to collaborate with their partners, customers, and teams in new and powerful ways.
Discover how you can achieve enterprise agility with microservices and API management
THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone