
Tuesday, 14 April 2009

WebSEAL and OpenSSO; combining the best of both worlds

WebSEAL enthusiasts will tell you that this reverse-proxy solution is of top quality and offers customers a great deal of flexibility. On the other hand, they would have to admit that integrating it with authentication modules other (and stronger) than the four it ships with requires development effort.

OpenSSO enthusiasts will tell you that the free OpenSSO product is of top quality and offers customers a great deal of flexibility and a wide range of authentication modules out of the box. On the other hand, they would have to admit that one has to build one's own reverse-proxy solution around it.

If only there were a way to create a synergy between these two market-leading products... Enter the WebSEAL External Authentication Interface (EAI). This WebSEAL feature allows customers to delegate the authentication process to a third-party component. Using OpenSSO as the external authentication component is a perfect match: OpenSSO supports a vast number of authentication modules right out of the box, such as Active Directory, SAML, SecurID, InfoCard and even biometric systems, to name a few. Furthermore, it can be deployed on a WebSphere application server, and last but not least, it's free!

At IS4U, we put this into practice and wrote a whitepaper about it. It's freely accessible. Feel free to distribute our whitepaper to whom it may concern and provide us with feedback.

Tuesday, 1 April 2008

Server Encryption key

When you set up a development and a testing environment with Sun Identity Manager, you will run into problems with Server Encryption Keys as soon as you try to import encrypted objects from one server instance into the other.

Server encryption keys are symmetric, triple-DES 168-bit keys. A server can have more than one key. Every encrypted object is prefixed with the ID of the Server Encryption Key that was used to encrypt it, so Identity Manager knows which key to use when decrypting.

For the testing and development environments it's useful to have the same encryption keys, so you can exchange encrypted objects without much effort. You can use the Manage Encryption Key feature to create new encryption keys, export them, and re-encrypt the objects with the current encryption key. This feature does not, however, allow you to make a specific imported encryption key the current key, so it can't get the same key onto both the test and the development installation.

To solve this we had to write a custom workflow that invokes a custom Java class. The Java class simply gets and sets the current Server Encryption Key. The workflow displays the current key and a drop-down box from which to pick the new current Server Encryption Key. Once you have imported the new Server Encryption Key (through an import exchange file) and made it the current key, you can re-encrypt all objects with that key through the Manage Server Key feature.
With this solution you can have the same Server Encryption Key on all your Identity Manager instances.
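The mechanism described above, as an added illustration that is not IS4U's custom class or Identity Manager's own API: a hypothetical key store holding several triple-DES keys, each encrypted object prefixed with the ID of the key used, the "make this imported key current" operation the stock UI lacks, and the re-encrypt-all step. The class and method names are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
/** Hypothetical key store (assumed, not IDM's API): several 3DES keys, one marked current. */
public class ServerKeyStore {
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, SecretKey> keys = new LinkedHashMap<>();
    private String currentId;
    /** Generate a new 168-bit triple-DES key under the given ID (IDs must not contain ':'). */
    public void generate(String id) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("DESede"); kg.init(168);
        keys.put(id, kg.generateKey()); currentId = id; // a newly generated key becomes current
    }
    /** Import a key exported from another instance under its original ID; not yet current. */
    public void importKey(String id, SecretKey key) { keys.put(id, key); }
    /** The step the stock UI lacks: make a specific (imported) key the current key. */
    public void setCurrent(String id) {
        if (!keys.containsKey(id)) throw new IllegalArgumentException("unknown key " + id);
        currentId = id;
    }
    /** Encrypt under the current key; stored form is "keyId:" + base64(iv || ciphertext). */
    public String encrypt(String plain) throws Exception {
        byte[] iv = new byte[8]; RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, keys.get(currentId), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, 8 + ct.length); // iv first, then ciphertext
        System.arraycopy(ct, 0, out, 8, ct.length);
        return currentId + ":" + Base64.getEncoder().encodeToString(out);
    }
    /** Decrypt with the key named in the prefix, whether or not it is the current key. */
    public String decrypt(String blob) throws Exception {
        String id = blob.substring(0, blob.indexOf(':'));
        SecretKey k = keys.get(id);
        if (k == null) throw new IllegalStateException("no key with id " + id); // the import failure
        byte[] in = Base64.getDecoder().decode(blob.substring(id.length() + 1));
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, k, new IvParameterSpec(Arrays.copyOf(in, 8)));
        return new String(c.doFinal(in, 8, in.length - 8), StandardCharsets.UTF_8);
    }
    /** "Re-encrypt with current key": migrate every stored object to the current key. */
    public List<String> reencryptAll(List<String> blobs) throws Exception {
        List<String> out = new ArrayList<>();
        for (String b : blobs) out.add(encrypt(decrypt(b)));
        return out;
    }
}
```

Objects exported from another instance only decrypt here once that instance's key has been imported under the same ID; calling setCurrent on it and then reencryptAll mirrors the two steps of the workflow above.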