Part III. Authentication and Authorization

Table of Contents

18. Introduction to Authentication and Authorization
18.1. Authentication Overview
18.2. Login Modules
18.2.1. Existing Login Modules
18.2.2. Creating Your Own Login Module
18.2.3. Authenticator and RolesExtractor
18.3. Different Authentication Workflows
18.3.1. RememberMe Authentication
18.3.2. Authorization Overview
19. Password Encryption
19.1. Hashing and Salting of Passwords in PicketLink IDM
19.1.1. Choosing CredentialEncoder Implementation
19.2. Password Encryption of RememberMe Passwords
20. Predefined User Configuration
20.1. Plug-in for Adding Users, Groups and Membership Types
20.2. Membership Types
20.3. Groups
20.4. Users
20.5. Plug-in for Monitoring User Creation
21. Authentication Token Configuration
21.1. The Token Service
21.2. Implementing the Token Service API
21.3. Configuring Token Services
22. PicketLink IDM Integration
22.1. Configuration Files
22.1.1. PicketlinkIDMServiceImpl
22.1.2. PicketlinkIDMOrganizationServiceImpl
23. Organization API
24. Accessing User Profile
25. Create Users and Groups without Organization API
25.1. Enable Initializer
25.2. Operations
25.3. Using Configuration Directives
25.4. Using JMX Console
25.5. Using REST Interface
26. Single Sign-On
26.1. Overview and Configuration Assumptions
26.2. Central Authentication Service (CAS)
26.2.1. Authentication Process
26.2.2. Logout Process
26.2.3. CAS Configuration Overview
26.2.4. Modifying the CAS server
26.2.5. Install Apache Tomcat Server
26.2.6. Modifying the Portal
26.2.7. Build and Deploy the CAS
26.3. Java Open Single Sign-On (JOSSO)
26.3.1. Authentication Process
26.3.2. JOSSO 1.8
26.3.3. JOSSO 2.2
26.4. OpenAM
26.4.1. Login and Logout Workflow
26.4.2. Obtaining OpenAM
26.4.3. OpenAM Server Setup
26.4.4. JBoss Portal Platform Setup as OpenAM Client
26.4.5. Cross-domain Authentication with OpenAM
26.5. Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO)
26.5.1. SPNEGO Server Configuration
26.5.2. Client Configuration
26.5.3. JBoss Portal Platform Configuration
26.5.4. SPNEGO Configuration Testing
26.5.5. Additional Configuration
26.6. Single Sign-On in a Cluster
26.6.1. Default Configuration
26.6.2. Clustered Single Sign-On in a Shared DNS Domain
26.6.3. Reauthentication
27. LDAP Integration
27.1. LDAP in Read-only Mode
27.2. LDAP as Default Store
27.3. Examples
28. Security Assertion Markup Language (SAML2)
28.1. What is SAML2
28.2. What is an Assertion
28.3. What is an Identity Provider (IDP)
28.4. What is a Service Provider (SP)
28.5. SAML2 Authentication Overview
28.6. The platform as SAML2 SP and SAML2 IDP
28.7. Disable SAML2 Single logout
28.8. Implementing Keystores
28.9. Setup with PicketLink IDP using REST callback
28.10. Integration with Salesforce and Google Apps
28.10.1. Scenario One
28.10.2. Scenario Two
28.10.3. Scenario Three
28.10.4. Tips and Tricks