Friday May 01, 2009

Romanticizing the OpenSSO WSSAuth Authentication Module

The WS-Security specifies the Username Token Profile for providing basic authentication information. The profile describes how the UsernameToken element can be used as a means for communicating a user identifier and password between a web service provider (WSP) and web service client (WSC). The OpenSSO WSSAuth authentication module validates the credentials presented by the WSC using the UsernameToken profile.

The UsernameToken profile contains an element to present a hash of the user's password - the PasswordDigest element. Using this element adds security as the password is not exposed as clear text. The following steps show how to configure for authentication using the Username Token profile with a one way hash password.
  1. Login into the OpenSSO console as administrator.
  2. Navigate to Access Control -> / (Top Level Realm) -> Agents -> Web Service Client -> wsc
  3. Select UserName Token as the value of Security Mechanism.
    This uses the PasswordDigest option.
  4. Enable User Authentication Required to generate a user token.
  5. Change the Name and Password values for the Credential for User Token.
    This attribute contains the shared secrets used by the WSC to generate a user token. The password should be the same as the hashed password stored in the OpenSSO configuration data store. Use ldapsearch if the data store is Directory Server. NOTE: This step is for demonstration purposes only. In real deployments, the WSC and WSP would have a common agreement about their password storage policy.
  6. Navigate to Access Control -> / (Top Level Realm) -> Authentication.
  7. Create a new authentication chain named wssauthchain.
    See Configuring an Authentication Process Using the OpenSSO Enterprise Console.
  8. Click wssauthchain in the list of authentication chains.
  9. Add WSSAuth as the required Authentication Mechanism and click Save.
  10. Navigate to Access Control -> / (Top Level Realm) -> Agents -> Web Service Provider -> wsp
  11. Select UserName Token as the value of Security Mechanism and wssauthchain as the authentication chain.
  12. Click Save.

To test the configurations, use the stock quote sample included with the Web Services Security Agent. After attempting to access the sample's main page, the user is redirected to OpenSSO for authentication. After successfully authenticating, the user is redirected back to the main page. When the user clicks the Get Quote button, stock quote values are displayed and the authentication mechanism used is displayed; in this case, Username Token with digest option. Changing the security mechanism would result in the new security mechanism being displayed. When logging is enabled, the OpenSSO logs would also have the appropriate tokens.

More romanticizing with Combo Audio performing the indy version of their tune, Romanticide for this video cover. I thought it was the real deal because the 7" single I owned back then had no band picture. Still a great tune.

Unlike the version they rerecorded after signing with a major label. This cleaner version is okay but not the bomb that was dropped when they released the original. But at least there's a video!

About

docteger

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today