By harcey on Oct 16, 2007
The User Management Lite sample application was designed to provide a way to integrate user provisioning services into a remote java application. It uses the OpenPTK's provisioning tag library to provide a simple way to add user provisioning services to a java application.
The OpenPTK User Management Lite (UML) was designed to showcase user provisioning and self service functions. Authentication and Authorization are necessary for a complete solution deployment. The UML provides an interface for user authentication. The UML was designed to be protected by a web single signon infrastructure like Sun Acccess Manager or OpenSSO. If a web single signon infrastructure is not configured with the UML, it provides simulated authentication screens to enable the sample application's features to be used. In a real world deployment, it is expected that the authentication will be implemented in many different ways and is out of scope of the core OpenPTK framework features. The instructions below describe the steps to protect the UML application with OpenSSO. The same steps would be required with Sun Access Manager or another web single signon infrastructure.
Configuring OpenSSO to protect the OpenPTK User Management Lite (UML)The UML was designed to be protected by a web single signon infrastructure. Once it is deployed to an application server, it can be protected by an agent for integration with the web single signon infrastructure. The following high level tasks will enable authentication of the UML to be provided by an external infrastructure:
- Deploy UML .war file
- Deploy OpenSSO infrastructure and Agent to protect UML's application server
- Create a policy for UML access in OpenSSO (or Sun Access Manager)
- Protect the UML application (if deployed on Application Server, this step is not required if deploying on Sun Web Server) in web.xml
- Configure the agent to insert an HTTP header named: openptkid
- Configure the agent to not enforce the UML welcome page