OpenAM.
Material type: Text
Publisher: Olton : Packt Publishing Ltd, 2011
Copyright date: ©2011
Edition: 1st ed
Description: 1 online resource (316 pages)
Content type: text
Media type: computer
Carrier type: online resource
ISBN: 9781849510233
Subject(s): Computer networks -- Access control | Computers -- Access control | Electronic commerce -- Security measures
Genre/Form: Electronic books.
Additional physical formats: Print version: OpenAM
DDC classification: 005.376
LOC classification: QA76.9.A25 -- T43 2011eb
Intro -- OpenAM -- Table of Contents -- OpenAM -- Credits -- About the Author -- Acknowledgement -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers and more -- Why Subscribe? -- Free Access for Packt account holders -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Errata -- Piracy -- Questions -- 1. Getting Started -- History of OpenSSO -- OpenSSO vs. OpenAM -- OpenSSO-an overview -- OpenSSO services -- Federation services -- Web Services Security and Secure Token Service -- OpenSSO Entitlements Service -- What kind of problems does OpenSSO solve? -- Access management -- Federation -- Securing web services -- Entitlements -- Summary -- 2. OpenSSO Deployment and Configuration -- Deployment requirements for OpenSSO web application -- Containers and operating systems support -- Java SDK support -- Disk and memory requirements -- Browser requirements -- Configuration store versus Identity Store -- Configuration store -- Embedded configuration store -- External Sun Directory Server Enterprise Edition configuration store -- Identity store -- How to obtain OpenSSO -- Building OpenSSO from source -- Downloading OpenSSO binary -- Configuring OpenSSO -- Installing and configuring Apache Tomcat 6.0.20 -- OpenSSO one click configuration -- Verifying OpenSSO configuration -- What just happened? 
-- OpenSSO-configuration choices -- Single server configuration-using embedded configuration store -- Layout of the configuration directory -- Single server configuration-using external configuration store -- Multi-server configuration-embedded configuration store -- Prerequisites for multi-server configuration -- Adding OpenSSO to an existing deployment -- Verification of multi-server deployment.
Configuring using command line configurator -- Configuring OpenSSO with SSL/TLS -- Configuring command line tools -- Uninstalling OpenSSO -- OpenSSO release and support model -- Summary -- 3. Administrating OpenSSO -- Administration interfaces -- Accessing the administrative console -- Console views and privileges -- Console landing page-common tasks -- Access control tab -- General -- Authentication -- Service -- Data stores -- Privileges -- Policies -- Subjects -- Managing users from the command line tool -- Managing groups from a command line tool -- Agents -- Configuration -- Retrieving all the server properties -- Updating server configuration properties -- Removing properties from server configuration -- Sessions tab -- Managing sessions using ssoadm -- Customizing the console -- Extending LDAP schema -- Customizing OpenSSO User Service -- Adding attributes to amUser.xml -- Removing User Service schema -- Adding the updated User Service schema -- Adding the labels -- Adding the custom attributes to data store configurations -- Updating privileges -- Testing the changes -- Summary -- 4. Authentication and Session Service -- Authentication process -- Cookies in OpenSSO -- Authentication types and URL parameters -- Module -- Level -- Service -- User -- Role -- Realm -- Resource -- Other authentication URL parameters -- IDToken parameter -- goto and gotoOnFail parameters -- locale parameter -- arg parameter -- iPSPCookie parameter -- ForceAuth parameter -- PersistAMCookie parameter -- Authentication modules, instances, and chains -- LDAP authentication -- Creating an authentication instance -- Updating an authentication instance -- Reading an authentication instance -- Using an authentication instance -- Deleting an authentication instance -- Authentication chains -- Creating an authentication chain -- Updating an authentication chain.
Reading an authentication chain -- Using an authentication chain -- Performing a user-based authentication -- Deleting an authentication chain -- Authentication modules -- LDAP -- Active Directory -- Data store -- Anonymous -- Certificate (X.509) -- Configuring Tomcat in SSL using CA signed certificate -- HTTP basic authentication -- Membership -- JDBC -- HOTP -- SecurID -- SafeWord -- RADIUS -- Unix -- Windows NT -- Windows Desktop SSO -- Core -- User profile requirement -- Setting user profile attributes in an SSO token -- Adding custom authentication modules -- Session Service -- Session Service schema -- Updating Session Service -- Session life cycle -- Session structuring -- Session state transition -- Session properties -- Session change notification and polling -- Session persistence and constraints -- Summary -- 5. Password Reset and Account Management -- Account lockout -- Configuring account lockout -- Physical lockout -- In-memory lockout -- Applying a password reset -- Prerequisites -- Configuring the password reset service in OpenSSO -- Assigning service and update service attributes -- Creating and assigning OpenDS password policy -- Creating OpenDS policy -- Assigning the policy to a user -- Forcing password change after reset -- Behind the scenes -- Location of secret questions -- Summary -- 6. Protecting a Simple Web Application to Provide SSO -- OpenSSO Policy Framework -- Protecting a sample application on Tomcat -- Creating the agent profile -- Installing and configuring the agents -- Deploying and configuring the Java application -- Creating policies and associated identities -- Testing the SSO -- Fetching user profile attributes -- Summary -- 7. Integrating Salesforce and Google Apps -- Integrating OpenSSO with Salesforce applications -- Configuring hosted identity provider and circle of trust.
Configuring OpenSSO metadata for Salesforce.com -- Configuring users for Salesforce.com -- Verifying the SSO -- Integrating with Google Apps -- Configuring the hosted identity provider -- Configuring SSO parameters at Google Apps -- Configuring users for Google Apps -- Verifying SSO -- Summary -- 8. Identity Stores -- Identity store types -- Caching and notification -- Persistent search-based notification -- Time-to-live based notification -- TTL-specific properties for Identity Repository cache -- Supported identity stores -- User schema -- Access Manager Repository plugin -- Creating an Access Manager Repository plugin data store -- Displaying the data store properties -- Updating data store properties -- Deleting data stores -- Removing the Access Manager Repository plugin -- Oracle Directory Server Enterprise Edition -- Creating a data store for Oracle DSEE -- Updating the data store -- Deleting the data store -- Data store for OpenDS -- Data store for Tivoli DS -- Data store for Active Directory -- Data store for Active Directory Application Mode -- Datastore for OpenLDAP -- Configuring an OpenLDAP suffix -- Extending the schema -- Preparing the suffix with necessary entries -- Creating an OpenLDAP data store -- Testing the data store -- Multiple data stores -- Summary -- 9. RESTful Identity Services -- Prerequisites -- Invoking REST interfaces -- Authentication -- Authenticating with URL parameters -- Validating an SSO token -- Invalidating session (logout) -- Creating log events -- Authorization -- Identity CRUD operations -- Searching identities -- Searching for user identities -- Searching groups -- Searching for agents -- Retrieving identity attributes -- Creating agent identities -- Creating user identities -- Creating group identities -- Updating identities -- Deleting identities -- Deleting user identities -- Deleting group identities.
Deleting the agent identities -- Other REST interfaces -- Summary -- 10. Backup, Recovery, and Logging -- Backing up configuration data -- Backing up the OpenSSO configuration files -- Backing up the OpenSSO configuration data -- Crash recovery and restore -- Test to production -- Performing the configuration change -- Configuring the export test server -- Configuring OpenSSO on the production server -- Adapting the test configuration data -- Importing into the production system -- OpenSSO audit and logging -- Enabling debug (trace) level logging -- Audit logging -- Enabling and disabling audit logging -- File-based logging -- Database logging -- Remote logging -- Secure logging -- Creating the keystore -- How to verify -- Summary -- 11. Troubleshooting and Diagnostics -- OpenSSO diagnostic tools -- Installing and configuring the tool -- Invoking the tool -- Troubleshooting -- Installation and configuration -- Scenario 1 -- Scenario 2 -- Scenario 3 -- How to Fix -- Scenario 4 -- Authentication and session areas -- Scenario 1 -- Scenario 2 -- Scenario 3 -- Scenario 4 -- Identity repository and password reset -- Scenario 1 -- Scenario 2 -- Scenario 3 -- Scenario 4 -- Scenario 5 -- Policy and agents -- Scenario 1 -- Scenario 2 -- Scenario 3 -- Command line tools -- Scenario 1 -- Scenario 2 -- Summary -- Index.
Written and tested with OpenAM Snapshot 9, the Single Sign-On (SSO) tool for securing your web applications in a fast and easy way.
Description based on publisher supplied metadata and other sources.
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2018. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.