
Single Sign-On for Java 3.3.2 - Administration Guide


Identify the roles that are to access these resources

Once you have identified the resources to protect, you need to identify the roles that are to have access to these resources.

Roles are an abstraction for grouping users under one heading relating to the tasks or permissions you wish to allow. For example, you may wish to allow administrator access to an application, access by normal customers and access by premium customers. So you could define three roles:

  • Admin
  • Customer
  • Premium Customer

These roles are then allocated to the resources they are allowed to access. When deciding to which resources a given role should be allowed access, you should adhere to the principle of least privilege.

Each role should be allowed to access only those resources that it needs to complete its tasks, and no more.

Disable security constraints in existing deployment descriptor

Single Sign-on for Java will not work if there are existing constraints defined in your deployment descriptor. This is because these constraints apply before the Single Sign-on for Java Servlet/Filter is run, and prevent access. However, you can copy these constraints directly from the existing deployment descriptor to the policy XML file.
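The check implied above, as an added example (not part of the guide or the product): a Python script that lists every `<security-constraint>` still present in a `web.xml`, so that each one can be copied to the policy XML file and removed from the descriptor. The sample descriptor is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the guide). Role names follow the
# guide's Admin / Customer example; URL patterns are invented.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/shop/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Customer</role-name>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop a '{namespace}' prefix so namespaced and DTD-era descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def texts(elem, name):
    """Text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in elem.iter() if local(e.tag) == name]

def find_constraints(web_xml_text):
    """Return one summary dict per <security-constraint> left in the descriptor."""
    found = []
    for elem in ET.fromstring(web_xml_text).iter():
        if local(elem.tag) != "security-constraint":
            continue
        roles = texts(elem, "role-name")
        found.append({
            "urls": texts(elem, "url-pattern"),
            "methods": texts(elem, "http-method") or ["ALL"],
            "roles": roles,
            # Servlet spec: "*" means every role defined in the application.
            "wildcard_role": "*" in roles,
        })
    return found

if __name__ == "__main__":
    for c in find_constraints(SAMPLE_WEB_XML):
        print(c, "<-- wildcard role, review" if c["wildcard_role"] else "")
```

An empty result means the descriptor no longer carries constraints that would apply before the Single Sign-on for Java Servlet/Filter runs; a flagged wildcard role is worth reviewing against the principle of least privilege before it is copied.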

Creating the policy XML file

To set up the policy XML file:

  1. Create the policy XML file.
  2. Create the main body of the policy XML file.
  3. Define security constraints.
  4. Define roles.
  5. Set the deployment descriptor parameters.

The following sections discuss each of these steps in more detail.

Create the policy XML file

Create the file using a standard text editor. It should be saved with the extension .xml in the WEB-INF directory of the Web application.
