Skip to end of metadata
  • Created by Former user, last modified by Former user on Mar 03, 2010
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Java Service Provider

The current SP implementation is a) a set of plugins to a standard webserver, and b) a separate task. The web server provides a standard set of hooks for external authN and authZ functionality; the web server environment also provides a standard interface for passing information (eg attribute values) between the web server and an application. This could apply equally to Java, or a more native approach could be taken. More likely a hybrid approach would be sensible. We are seeking use cases that describe specifically how a java SP implementation should integrate into the container and servlet environment.

  • Should the SP be a filter?
  • Should any of it run in a separate context?
  • Should it integrate well with Spring? To what extent should the servlet/application be aware of the presence of the SP?
  • Is anything viable without losing vendor support in the case of packaged applications?

There are existing open source java-based SAML SP implementations:

  • OpenSSO from Sun Microsystems
  • a toolkit from the Danish Government, based on OpenSAML, which implements a java SP as a filter
  • Enterprise Sign On Engine (ESOE)

Are these existing options sufficient? If not, we need to identify how we would distinguish our work from them to provide added value.

  • No labels