aspose file tools*
The moose likes Security and the fly likes Java security and SSO question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Java security and SSO question" Watch "Java security and SSO question" New topic
Author

Java security and SSO question

Andrew Carney
Ranch Hand

Joined: Oct 17, 2006
Posts: 96
Hello,

We would like to enable SSO between two servers.
The producer side uses this code:



I need to implement the consumer side.
The producer gave me the url to his server and asked me to append to the url two parameters: The message and the signature.
Can someone please help/explain me how to create those?

Thank you in advance
Santhosh Kumar
Ranch Hand

Joined: Nov 07, 2000
Posts: 242
Even though loading the private key from from file works, the preferred way is to keep it securely stored in a java KeyStore. Check out more about it at java.sun.com

Your question is little bit confusing and not clear as to what is that you want to do. I'm answering with my best understanding of the question.

Signing a piece of text (could be anything, like just a user id, or user id with url, etc), is two step process.

1. Create a message digest out of the text
2. Encrypt the message digest using the private key, which produces Signature.

Once signature is created, it should not be altered in anyway otherwise signature would be broken and consumer would not be able to validate it.

So in your case, if the consuming party requesting you to add the url, change your generateMessage() method to add the url parameter and sign that generated message.
[ July 03, 2008: Message edited by: Santhosh Kumar ]
Andrew Carney
Ranch Hand

Joined: Oct 17, 2006
Posts: 96
Hi Santosh.

So in your case, if the consuming party requesting you to add the url, change your generateMessage() method to add the url parameter and sign that generated message.


Can you please provide me with a general code example for this?

Rgds,
Roy
Santhosh Kumar
Ranch Hand

Joined: Nov 07, 2000
Posts: 242
I'm not sure if this is what you meant to ask as an example nevertheless I just modified your original code to add the url.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Java security and SSO question