user967710

Reputation: 2007

SSO confusion - incorporating SSL difficulties

I have a WebSphere on AIX server, and a simple Java client on Windows XP (connects to server over HTTP). I would like to incorporate SSL for client authorization. Mainly, I have a smartcard reader.

The only problem is - the smartcard is used already once to access Windows and we would like to save the trouble for the client to re-enter PIN during client application startup.

I started reading a lot about SSO - which I was assured can help my problem. This led me to reading about WebSphere's support for SPNEGO - in their redbooks. Problem is it involves a lot of support from the Active Directory people - and they are not keen on helping - and also I fear their involvement can slow down the incorporation.

So now I am looking into OpenSSO, WAFFLE, JOSSO and other frameworks that may help me.

But wait - this all seems like a major overspec. All I wanted was to save my client a second prompt to the smartcard. What I really want is a method - one of the following:

- A Windows XP and above setting that will enable me to retrieve the certificate inside the smart card (along with some access to encryption/decryption capabilities to authenticate the certificate).

- Some sort of access to Windows to allow me these options

- Perhaps, some sort of Java PKCS#11 method that will enable me to get access to the same connection as Windows.

- Is such an ability vendor specific?

Is this even possible? The Wikipedia Single sign-on entry http://en.wikipedia.org/wiki/Single_sign-on speaks of SSO with smartcards - but so far I haven't been able to find any way on how to do it. All I know is that my smartcard prompts a second time if I try to use it with the regular PKCS#11 code.

To sum up:

1. Is there a Windows/vendor-specific/Java way to enable me to SSO using the smartcard?

2. If not, or if not recommended, what other SSO solution should I use given that I don't want to depend on the Active Directory people?

3. In the worst case, where SSO can only be efficiently achieved with Kerberos and Active Directory - what implementation could be less demanding on the Active Directory side?

Thank you.

Upvotes: 1

Views: 200
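The Java side of the first option in the question (reading the smart card certificate through Windows rather than through a separate PKCS#11 session), as an added example that is not part of the original question or of any answer: it opens the Windows personal certificate store through the JDK's SunMSCAPI provider, so private-key operations are delegated to the card's CSP and Java opens no PKCS#11 PIN dialog of its own. Whether the CSP re-prompts for the PIN is decided by that CSP's PIN-caching policy, not by this code, and the server URL is a placeholder.

```java
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class MscapiClientTls {
    // Opens the Windows "personal" store via SunMSCAPI (bundled with Sun/Oracle
    // JDK 6+ on Windows). Certificates that live on a smart card appear here
    // because the card's CSP registers them; Java never sees the PIN.
    static KeyStore openWindowsMyStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        ks.load(null, null); // MSCAPI stores take no stream and no password
        return ks;
    }

    // Lists only entries that carry a private key, i.e. usable for client auth.
    static void listClientCerts(KeyStore ks) throws Exception {
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (ks.isKeyEntry(alias)) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.println(alias + " -> " + c.getSubjectX500Principal()
                        + " (expires " + c.getNotAfter() + ")");
            }
        }
    }

    // Client key manager backed by the MSCAPI store; trust managers are left
    // null so the JDK default trust store still validates the server chain.
    static SSLContext buildClientContext(KeyStore ks) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, null); // no key password: the CSP handles the PIN
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = openWindowsMyStore();
        listClientCerts(ks);
        SSLContext ctx = buildClientContext(ks);
        // Placeholder URL; the server must be configured to request a client certificate.
        HttpsURLConnection conn = (HttpsURLConnection)
                new URL("https://websphere.example:9443/").openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

Run it once with the card inserted: if the CSP caches the logon PIN, the TLS handshake completes without a prompt; if a prompt still appears, the card's CSP or minidriver policy is the place to look, not the Java code.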

Answers (0)
