How to approach Single Sign On(SSO)

udaya prasad
Greenhorn

Joined: Jun 21, 2011
Posts: 5
Hi All,

Actually, we have many web-based applications (projects), and one user can have access to more than one web application. Now, what we have to do is this:
If a user logs in to one application and at the same time wants to access another application that belongs to the same server, he should go directly to the home page of the other application without entering a user name and so on (centralised login).

Now my project manager is asking me to first connect to LDAP and store the user information in a (temporary) token. The token is used to authenticate the user. If the user is new, then it goes directly to LDAP and creates a new token for him. My PM also wants us to maintain a session for each token. After 15 minutes we have to delete that token from the database.
I'm using Oracle Application Server 10.1.2.
Mike Zal
Ranch Hand

Joined: May 04, 2011
Posts: 144

That sounds a lot like Kerberos


OCJP6, OCWCD5
udaya prasad
Greenhorn

Joined: Jun 21, 2011
Posts: 5


I just created an automatically generated token for LDAP. Now what I have to do is place variables like username, generated token, currentTime, client IP address and so on in the server application context. After that, based on the user login, we identify whether the user is already logged in or not. If he is already logged in, he goes directly to the HOMEPAGE. Moreover, if the session expires (max timeout) or if s/he logs out, we delete that generated token from the application context. I'm giving you the two main pieces of code that I developed. Please have a look and give me any code snippets or samples for going further (Gmail and Orkut work on this concept only)...
Please help me.



1) Main.java

import java.util.Map;

/**
 * @author udayaprasad.vakalapudi
 */
public class Main {

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        ADAuthenticator authenticator = new ADAuthenticator();
        Map<String, Object> userMap = null;

        try {
            // authenticate() returns null when the bind or the lookup fails
            userMap = authenticator.authenticate("udayaprasad.vakalapu", "PASSWORD");
        } catch (Exception x) {
            System.out.println(x.getMessage());
        }

        if (userMap != null) {
            System.out.println("User Authenticated Successfully");
            System.out.println("Generating token for the authenticated user("
                    + userMap.get("givenName") + ")...");
            System.out.println("Token generated: " + authenticator.generateToken());
        } else {
            System.out.println("User Authentication Failed! Incorrect Username/Password!");
        }
    }
}




2) ADAuthenticator.java

import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.UUID;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/**
 * @author niranjan.vaidya
 */
public class ADAuthenticator {

    private String domain;
    private String ldapHost;
    private String searchBase;

    public ADAuthenticator() {
        this.domain = "companyname.in";
        this.ldapHost = "ldap://IPADDRESS";
        this.searchBase = "dc=bajajallianz,dc=in";
    }

    public ADAuthenticator(String domain, String host, String dn) {
        this.domain = domain;
        this.ldapHost = host;
        this.searchBase = dn;
    }

    /**
     * Binds to the directory as the given user and returns the user's
     * sn, givenName and mail attributes, or null if authentication fails.
     */
    public Map<String, Object> authenticate(String user, String pass) {
        // A simple bind with an empty password is treated by the server as an
        // unauthenticated bind and can succeed, so reject it before binding.
        if (user == null || user.length() == 0 || pass == null || pass.length() == 0) {
            return null;
        }

        String[] returnedAtts = { "sn", "givenName", "mail" };

        // {0} is filled in from the filter arguments, which JNDI escapes, so the
        // user name cannot change the structure of the search filter.
        String searchFilter = "(&(objectClass=user)(sAMAccountName={0}))";

        // Create the search controls
        SearchControls searchCtls = new SearchControls();
        searchCtls.setReturningAttributes(returnedAtts);

        // Specify the search scope
        searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapHost);
        // A simple bind sends the password as-is, so it crosses the network in
        // clear text unless the connection is protected (ldaps:// or StartTLS).
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + "@" + domain);
        env.put(Context.SECURITY_CREDENTIALS, pass);

        LdapContext ctxGC = null;
        try {
            // The bind happens here; wrong credentials raise a NamingException
            ctxGC = new InitialLdapContext(env, null);

            // Search objects in GC using filters
            NamingEnumeration<SearchResult> answer = ctxGC.search(searchBase,
                    searchFilter, new Object[] { user }, searchCtls);

            while (answer.hasMoreElements()) {
                SearchResult sr = answer.next();
                Attributes attrs = sr.getAttributes();
                Map<String, Object> amap = null;
                if (attrs != null) {
                    amap = new HashMap<String, Object>();
                    NamingEnumeration<? extends Attribute> ne = attrs.getAll();
                    while (ne.hasMore()) {
                        Attribute attr = ne.next();
                        amap.put(attr.getID(), attr.get());
                    }
                    ne.close();
                }
                // Only the first matching entry is used
                return amap;
            }
        } catch (NamingException ex) {
            System.out.println(ex.getMessage());
        } finally {
            // Release the LDAP connection on every path
            if (ctxGC != null) {
                try {
                    ctxGC.close();
                } catch (NamingException ignored) {
                    // nothing useful can be done if close fails
                }
            }
        }
        return null;
    }

    public String generateToken() {
        return UUID.randomUUID().toString();
    }
}
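Added example, not part of the original thread or the poster's code: one way to keep the token state described in the post above (user, client address, last use, 15-minute expiry, deletion on logout) in a single server-side registry that every application consults. `TokenRegistry`, its methods, and the sample user and address are hypothetical; the sketch assumes Java 8 or later and draws the token from `SecureRandom` in place of the post's `UUID.randomUUID()`.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;

/** Hypothetical shared token store; every name here is illustrative (Java 8+). */
public class TokenRegistry {
    static final Duration IDLE_TIMEOUT = Duration.ofMinutes(15); // timeout from the post
    private static final SecureRandom RNG = new SecureRandom();
    private final ConcurrentHashMap<String, Entry> tokens = new ConcurrentHashMap<>();
    private final Supplier<Instant> now;   // injectable clock so expiry can be exercised
    private static final class Entry {
        final String user, clientIp; volatile Instant lastSeen;
        Entry(String u, String ip, Instant t) { user = u; clientIp = ip; lastSeen = t; }
    }
    public TokenRegistry(Supplier<Instant> now) { this.now = now; }

    /** Call only after the LDAP bind succeeded; returns a 256-bit random token. */
    public String issue(String user, String clientIp) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokens.put(token, new Entry(user, clientIp, now.get()));
        return token;
    }

    /** Returns the user for a live token presented from the same address, else null. */
    public String validate(String token, String clientIp) {
        Entry e = (token == null) ? null : tokens.get(token);
        if (e == null) return null;
        boolean idle = Duration.between(e.lastSeen, now.get()).compareTo(IDLE_TIMEOUT) > 0;
        if (idle || !e.clientIp.equals(clientIp)) {
            tokens.remove(token);          // expired, or presented from another address
            return null;
        }
        e.lastSeen = now.get();            // sliding 15-minute window
        return e.user;
    }
    public void revoke(String token) { if (token != null) tokens.remove(token); } // logout
    public static void main(String[] args) {
        Instant[] t = { Instant.parse("2011-06-21T10:00:00Z") };  // constructed clock
        TokenRegistry reg = new TokenRegistry(() -> t[0]);
        String tok = reg.issue("jdoe", "10.0.0.5");               // constructed user and IP
        System.out.println(reg.validate(tok, "10.0.0.5"));        // second app, same client
        t[0] = t[0].plus(Duration.ofMinutes(16));                 // idle past the timeout
        System.out.println(reg.validate(tok, "10.0.0.5"));
    }
}
```

Each application would pass the token it receives (for example from a cookie scoped to the shared host) to `validate` and fall back to the LDAP login page when the result is null.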


udaya prasad
Greenhorn

Joined: Jun 21, 2011
Posts: 5
Please help me... I'm in deep, deep trouble... I am stuck here. Please tell me how to go ahead with Single Sign On (SSO).
 