Java security and SSO question

 
Andrew Carney
Ranch Hand
Posts: 96
Hello,

We would like to enable SSO between two servers.
The producer side uses this code:



I need to implement the consumer side.
The producer gave me the url to his server and asked me to append to the url two parameters: The message and the signature.
Can someone please help me or explain to me how to create those?

Thank you in advance
 
Santhosh Kumar
Ranch Hand
Posts: 242
Even though loading the private key from a file works, the preferred way is to keep it securely stored in a Java KeyStore. Check out more about it at java.sun.com

Your question is a little bit confusing and it is not clear what it is that you want to do. I'm answering with my best understanding of the question.

Signing a piece of text (could be anything, like just a user id, or user id with url, etc.) is a two-step process.

1. Create a message digest out of the text
2. Encrypt the message digest using the private key, which produces Signature.

Once the signature is created, it should not be altered in any way, otherwise the signature would be broken and the consumer would not be able to validate it.

So in your case, if the consuming party is requesting you to add the url, change your generateMessage() method to add the url parameter and sign that generated message.
[ July 03, 2008: Message edited by: Santhosh Kumar ]
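
The two signing steps described in the answer above, as an added example that is not part of the original thread or the producer's code: `java.security.Signature` performs the digest and the private-key operation together, and verification fails once the signed text changes. The algorithm (SHA256withRSA), the message layout, the host name and the parameter names `message` and `signature` are assumptions, and the key pair is generated on the spot instead of being loaded from a KeyStore.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SsoSignatureExample {

    // Assumption: the thread does not say which algorithm the producer uses.
    private static final String ALGORITHM = "SHA256withRSA";

    // sign() hashes the message and applies the private key in one call.
    static String sign(String message, PrivateKey key) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(key);
        signer.update(message.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(signer.sign());
    }

    // The receiver recomputes the digest over the exact bytes it received.
    static boolean verify(String message, String signature, PublicKey key)
            throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(key);
        verifier.update(message.getBytes(StandardCharsets.UTF_8));
        return verifier.verify(Base64.getUrlDecoder().decode(signature));
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair for the demo; a real deployment loads the key from a KeyStore.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        // Constructed message: user id, target URL and issue time are all covered by the signature.
        String message = "user=acarney|url=https://sso.example.com/login|ts="
                + System.currentTimeMillis();
        String signature = sign(message, pair.getPrivate());

        // URL-encode the message; the Base64 URL alphabet is already safe in a query string.
        String link = "https://sso.example.com/login?message="
                + URLEncoder.encode(message, StandardCharsets.UTF_8)
                + "&signature=" + signature;
        System.out.println(link);

        System.out.println("untouched: " + verify(message, signature, pair.getPublic()));
        String tampered = message.replace("user=acarney", "user=admin");
        System.out.println("tampered:  " + verify(tampered, signature, pair.getPublic()));
    }
}
```

The receiving side must verify the decoded `message` value byte for byte as it was signed; re-encoding or reordering fields before verification breaks the signature.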
 
Andrew Carney
Ranch Hand
Posts: 96
Hi Santhosh.

So in your case, if the consuming party is requesting you to add the url, change your generateMessage() method to add the url parameter and sign that generated message.


Can you please provide me with a general code example for this?

Rgds,
Roy
 
Santhosh Kumar
Ranch Hand
Posts: 242
I'm not sure if this is what you meant to ask as an example; nevertheless, I just modified your original code to add the url.

 