Part IV. Authentication and Authorization

Table of Contents

7. Authentication and Authorization
7.1. Authentication Methods
7.2. Authentication Workflow
7.2.1. RememberMe Authentication
7.2.2. Re-authentication
7.2.3. RemindPasswordToken Service
7.3. Login Modules
7.3.1. Types of Login Modules
7.3.2. About Custommembership Login Module
7.3.3. Configuring Custommembership Login Module
7.3.4. Creating a Login Module
7.3.5. Levels of Authentication
7.3.6. Authenticator Interface
7.3.7. RolesExtractor Interface
7.4. Authorization
7.4.1. Servlet Container Authorization
7.4.2. Portal Authorization
8. Password Encryption using PicketLink IDM Framework
8.1. Hashing and Salting of Passwords in PicketLink IDM
8.2. Implementing Credential Encoder
8.2.1. Default Implementation of CredentialEncoder
8.2.2. Choosing CredentialEncoder Implementation
8.2.3. Configuring Hashing Encoder
8.2.4. Configuring DatabaseReadingSaltEncoder
8.2.5. Configuring FileReadingSaltEncoder
8.2.6. Migration of Credential Encoder
9. PicketLink IDM Integration
9.1. Introduction to PicketLink IDM
9.2. Configuring Picketlink IDM
9.2.1. PicketlinkIDMServiceImpl Service
9.2.2. PicketlinkIDMOrganizationServiceImpl Service
10. Token Service
10.1. Implementing Token Service API
10.2. Configuring Token Services
11. Predefined User Configuration
11.1. Monitoring User Creation
12. Single Sign-on
12.1. File Name Conventions
12.2. Single Sign-on (SSO) Configuration
12.3. Central Authentication Service (CAS)
12.3.1. Authentication Process with Central Authentication Service integration
12.3.2. Logging out Process with Central Authentication Service integration
12.3.3. Configuration Result
12.4. Configuration for Central Authentication Service (CAS)
12.4.1. Downloading Central Authentication Service
12.4.2. Modifying the Central Authentication Service (CAS) Server
12.4.3. Authentication Plugin for Central Authentication Service (CAS)
12.4.4. Configuring the Authentication Plugin
12.4.5. Setting up Logout Redirection
12.4.6. Cookie Configuration for Central Authentication Service (CAS) Single Sign-on
12.4.7. Portal Authentication using Central Authentication Service Ticket Granting Cookie (CASTGC)
12.4.8. Installing Apache Tomcat Server
12.5. Modifying the Portal
12.5.1. Configuring Portal Single Sign-on
12.5.2. Configuration properties for Portal Single Sign-on
12.6. Building and Deploying Central Authentication Service (CAS)
13. Java Open Single Sign-on
13.1. Authenticating Java Open Single Sign-on
13.2. Java Open Single Sign-on Version 1.8
13.2.1. Setting up Java Open Single Sign-on Server
13.2.2. Setting up Java Open Single Sign-on Client
13.3. Java Open Single Sign-on Version 2.2
13.3.1. Setting up Java Open Single Sign-on Server
13.3.2. Setting up Java Open Single Sign-on Client
14. OpenAM
14.1. Downloading OpenAM
14.2. OpenAM Workflow
14.3. OpenAM Server
14.3.1. Setting up OpenAM Server
14.3.2. Deploying the OpenAM Server
14.3.3. Adding the Authentication Plugin
14.3.4. Configuring a Realm in OpenAM User Interface
14.4. Configuring the Platform as an OpenAM Client
14.5. Cross-domain with OpenAM
14.5.1. Authenticating Cross-domain with OpenAM
14.5.2. Configuring Cross-domain Authentication
15. Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO)
15.1. SPNEGO Server
15.1.1. Configuring the SPNEGO Server
15.2. Configuring the SPNEGO Client
15.3. Configuring SPNEGO
15.4. Testing SPNEGO Configuration
15.5. Disabling Fallback to FORM Authentication
15.6. Enabling Logging
16. Single Sign-on in a Cluster
16.1. Clustered Single Sign-on in a Shared DNS Domain
16.1.1. Configuring and Testing Single Sign-on in a Shared DNS Domain
16.2. Reauthentication
17. LDAP Integration
17.1. Setting up LDAP
17.2. LDAP in Read-only Mode
17.2.1. Setting up LDAP Read-only Mode
17.2.2. Setting up Red Hat Directory Server or OpenDS
17.2.3. Setting up Microsoft Active Directory
17.2.4. Setting up OpenLDAP
17.3. LDAP as Default Store
17.3.1. Setting up LDAP as Default Identity Store
17.3.2. Setting up RHDS and OpenDS
17.3.3. Setting up Microsoft Active Directory
17.3.4. Setting up OpenLDAP
17.4. Integration Examples
17.4.1. Example 1: LDAP Configuration
17.4.2. Example 2: Read-only groupType Mappings
17.4.3. Example 3: Default groupType Mappings
18. Security Assertion Markup Language (SAML2)
18.1. Authentication in SAML2
18.2. Configuring a Basic SAML2 Instance
18.2.1. SAML2 Configuration Scenario
18.2.2. Configuring a SAML2 Service Provider
18.2.3. Configuring a SAML2 Identity Provider
18.2.4. Testing the Configuration
18.3. Disabling SAML2 Single Logout
18.4. Implementing Keystores
18.5. Setting up PicketLink IDP using REST callback
18.6. Additional Information for SAML2
19. Using JBoss Portal SSO with Salesforce and Google Apps
19.1. JBoss Portal as the Identity Provider (IDP) and Salesforce as the Service Provider (SP)
19.1.1. IDP (JBoss Portal) and SP (Salesforce) Prerequisites
19.1.2. Obtain a Salesforce developerforce Account
19.1.3. Creating a Salesforce Domain
19.1.4. Configure SAML SSO SP Settings
19.1.5. Import Message Signing Certificate into Salesforce
19.1.6. Create Salesforce and Portal Users
19.1.7. Obtain the Salesforce Client Certificate
19.1.8. Configure JBoss Portal as the IDP
19.1.9. Test the IDP (JBoss Portal) and SP (Salesforce) Configuration
19.2. JBoss Portal as the Identity Provider (IDP) and Google Apps as the Service Provider (SP)
19.2.1. IDP (JBoss Portal) and SP (Google Apps) Prerequisites
19.2.2. Create A Google Apps for Business Account
19.2.3. Create Default Google Apps for Business Users
19.2.4. Configuring Google Apps as the SP
19.2.5. Configuring JBoss Portal as the IDP
19.2.6. Testing the IDP (JBoss Portal) and SP (Google Apps) Configuration
19.3. Salesforce as the Identity Provider (IDP) and JBoss Portal as the Service Provider (SP)
19.3.1. IDP (Salesforce) and SP (JBoss Portal) Prerequisites
19.3.2. Obtain a Salesforce developerforce Account
19.3.3. Creating a Salesforce Domain
19.3.4. Disable SP Single Sign-on in Salesforce
19.3.5. Create and Apply a Salesforce IDP Message Signing Certificate
19.3.6. Create Salesforce and Portal Users
19.3.7. Configuring Salesforce as the IDP
19.3.8. Configuring JBoss Portal as the SP
19.3.9. Testing the IDP (Salesforce) and SP (JBoss Portal) Configuration
20. OAuth - Authentication with Social Network accounts
20.1. How the OAuth Protocol Works
20.2. OAuth Protocol User Interface
20.2.1. User Registration
20.2.2. Login Workflow
20.3. Integrating OAuth with the Portal
20.4. Integration of OAuth with Facebook
20.4.1. Registration of Portal application on Facebook
20.4.2. Configuring JBoss Portal for using OAuth Protocol with Facebook
20.5. Integration of OAuth with Google plus
20.5.1. Registration of Portal application on Google
20.5.2. Configuring JBoss Portal for using OAuth Protocol with Google plus
20.6. Integration of OAuth with Twitter
20.6.1. Registration of Portal application on Twitter
20.6.2. Configuring JBoss Portal for using OAuth Protocol with Twitter
21. Impersonation
21.1. Using Impersonation
22. Wildcard Membership Type
22.1. Wildcard Membership Configuration and Initialization
22.2. Wildcard Membership API