How to approach Single Sign On(SSO)

 
Greenhorn
Posts: 5
Hi All,

Actually, we have many web-based applications (projects), where one user can have access to more than one web application. Now, what we have to do is this:
if a user logs in to one application and at the same time wants to access another application that belongs to the same server, it should go directly to the home page of the other application without entering the user name and so on… (centralised login).

Now my project manager is asking me to first connect to LDAP and store the user information in a (temporary) token. The token is used to authenticate the user. If the user is new, then it goes directly to LDAP and creates a new token for him. And my PM wants us to maintain a session for each token. After 15 minutes we have to delete that token from the database.
I'm using Oracle Application Server 10.1.2.
 
Ranch Hand
Posts: 144
That sounds a lot like Kerberos
 
udaya prasad
Greenhorn
Posts: 5


I just created an automatic token generator for LDAP. Now what I have to do is place variables like username, generated token, currentTime, client IP address and so on in the server application context. After that, based on the user login, we just identify whether the user is already logged in or not. If he is already logged in, then it goes directly to the HOMEPAGE. Moreover, if the session expires (max-timeout) or if s/he logs out, we just delete that generated token from the application context. I'm giving you the two main pieces of code that I developed. Just have a look and give me any code snippets to go further (Gmail and Orkut work on this concept only).
Please help me.



1) Main.java

import java.util.Map;

/**
 * @author udayaprasad.vakalapudi
 */
public class Main {

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        ADAuthenticator authenticator = new ADAuthenticator();
        Map<String, Object> userMap = null;

        try {
            // Bind to AD with the user's own credentials; a failed bind yields null
            userMap = authenticator.authenticate("udayaprasad.vakalapu", "PASSWORD");
        } catch (Exception x) {
            System.out.println(x.getMessage());
        }

        if (userMap != null) {
            System.out.println("User Authenticated Successfully");
            System.out.println("Generating token for the authenticated user("
                    + userMap.get("givenName") + ")...");
            System.out.println("Token generated: " + authenticator.generateToken());
        } else {
            System.out.println("User Authentication Failed! Incorrect Username/Password!");
        }
    }
}




2) ADAuthenticator.java

import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.UUID;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/**
 * @author niranjan.vaidya
 */
public class ADAuthenticator {

    private String domain;
    private String ldapHost;
    private String searchBase;

    public ADAuthenticator() {
        this.domain = "companyname.in";
        this.ldapHost = "ldap://IPADDRESS";
        this.searchBase = "dc=bajajallianz,dc=in";
    }

    public ADAuthenticator(String domain, String host, String dn) {
        this.domain = domain;
        this.ldapHost = host;
        this.searchBase = dn;
    }

    /**
     * Binds to Active Directory as user@domain with the supplied password and, on success,
     * returns the user's sn/givenName/mail attributes; returns null when the bind or the
     * search fails.
     */
    public Map<String, Object> authenticate(String user, String pass) {
        // An empty password turns the simple bind into an unauthenticated bind that
        // succeeds without checking anything, so refuse it up front
        if (user == null || user.isEmpty() || pass == null || pass.isEmpty()) {
            return null;
        }

        String[] returnedAtts = { "sn", "givenName", "mail" };
        // Escape the user name so filter metacharacters cannot alter the query (LDAP injection)
        String searchFilter = "(&(objectClass=user)(sAMAccountName=" + escapeFilterValue(user) + "))";

        // Create the search controls
        SearchControls searchCtls = new SearchControls();
        searchCtls.setReturningAttributes(returnedAtts);
        // Specify the search scope
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapHost);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + "@" + domain);
        env.put(Context.SECURITY_CREDENTIALS, pass);

        LdapContext ctxGC = null;
        try {
            ctxGC = new InitialLdapContext(env, null);

            // Search objects in GC using filters
            NamingEnumeration<SearchResult> answer = ctxGC.search(searchBase, searchFilter, searchCtls);

            while (answer.hasMoreElements()) {
                SearchResult sr = answer.next();
                Attributes attrs = sr.getAttributes();
                Map<String, Object> amap = null;

                if (attrs != null) {
                    amap = new HashMap<>();
                    NamingEnumeration<? extends Attribute> ne = attrs.getAll();
                    while (ne.hasMore()) {
                        Attribute attr = ne.next();
                        amap.put(attr.getID(), attr.get());
                    }
                    ne.close();
                }
                return amap;
            }
        } catch (NamingException ex) {
            System.out.println(ex.getMessage());
        } finally {
            // Always release the directory connection, whether or not the search succeeded
            if (ctxGC != null) {
                try {
                    ctxGC.close();
                } catch (NamingException ignored) {
                }
            }
        }
        return null;
    }

    /** Escapes the characters that RFC 4515 reserves inside a filter assertion value. */
    private static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public String generateToken() {
        return UUID.randomUUID().toString();
    }
}
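An added example, not the poster's code and not anything from Oracle Application Server, of the application-scoped token store the post describes: one record per token holding the user name, last activity time and client IP, a lookup that tells each application whether the user is already logged in, and removal on logout or after the timeout. The class name SsoTokenRegistry and reading the 15 minutes as an idle timeout are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Application-scoped SSO token registry (hypothetical), shared by every web app on the server. */
public class SsoTokenRegistry {
    /** One record per token: the fields the poster wants to keep in the application context. */
    static final class Entry {
        final String username, clientIp;
        volatile Instant lastSeen;
        Entry(String username, String clientIp, Instant now) {
            this.username = username; this.clientIp = clientIp; this.lastSeen = now;
        }
    }
    private final Map<String, Entry> tokens = new ConcurrentHashMap<>();
    private final Duration idleTimeout; // 15 minutes in the original requirement (assumed idle, not absolute)
    public SsoTokenRegistry(Duration idleTimeout) { this.idleTimeout = idleTimeout; }

    /** Call after ADAuthenticator.authenticate() succeeded; the result goes into the SSO cookie. */
    public String issue(String username, String clientIp) {
        String token = UUID.randomUUID().toString(); // same generator as the poster's generateToken()
        tokens.put(token, new Entry(username, clientIp, Instant.now()));
        return token;
    }
    /** Every application checks the cookie here: unknown, idle-expired or foreign-IP tokens are rejected. */
    public Optional<String> validate(String token, String clientIp) {
        Entry e = token == null ? null : tokens.get(token);
        if (e == null) return Optional.empty();
        Instant now = Instant.now();
        if (Duration.between(e.lastSeen, now).compareTo(idleTimeout) > 0) {
            tokens.remove(token); // max-timeout reached: drop it, the user must log in again
            return Optional.empty();
        }
        if (!e.clientIp.equals(clientIp)) return Optional.empty(); // token presented from another address
        e.lastSeen = now;
        return Optional.of(e.username);
    }
    /** Logout: forget the token so it cannot be presented again. */
    public void revoke(String token) { tokens.remove(token); }
    /** Housekeeping for tokens whose owner never returned; run it from a scheduled task. */
    public int purgeExpired() {
        Instant cutoff = Instant.now().minus(idleTimeout);
        int before = tokens.size();
        tokens.entrySet().removeIf(en -> en.getValue().lastSeen.isBefore(cutoff));
        return before - tokens.size();
    }
}
```

The client-IP check limits what a copied cookie is worth, but behind a NAT or proxy it will reject legitimate users, so keep it configurable. Whatever cookie carries the token should be marked HttpOnly and Secure so scripts and plain-HTTP requests cannot read it.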

 
 
udaya prasad
Greenhorn
Posts: 5
Please help me... I'm in deep, deep trouble. I am stuck here. Please tell me how to go ahead with Single Sign-On (SSO).
 