Added by Anonymous, last edited by Gianluca Brigandi on Jan 12, 2009



JOSSO, or Java Open Single Sign-On, is an open source J2EE and Spring-based SSO infrastructure that aims to provide a centralized, platform-neutral solution for user authentication and authorization.

JOSSO addresses web single sign-on based on these concepts:

  • Pluggable framework: It provides a component-centric infrastructure that lets you leverage existing user identity repositories and authentication mechanisms. Custom access management plugins can be implemented in an out-of-the-box fashion using the POJO component model and injected using the Spring configuration format.
  • Non-intrusive, 0% development: SSO-enabled web applications don't have to depend on any proprietary Single Sign-On API. JOSSO handles the whole authentication flow transparently, propagating the security context to the web and EJB tiers for consumption through the standard JEE interfaces.
  • Wide Application Container Support: End-to-end declarative integration with Tomcat, JBoss, WebLogic and the Apache HTTP Server.
  • Spring Friendly: Can be deployed on top of the Spring IoC container and leveraged as the default SSO implementation of the Spring Security layer. It can provide fine-grained authorization services to SSO-enabled Spring Security applications.
  • Middleware-free Cross-domain/Cross-organization SSO: Federated settings between organizations can be implemented without deploying additional hardware or software middleware such as reverse proxies.
  • Cross-platform: It allows the integration of Java and non-Java applications, such as PHP, Microsoft ASP and any server-side scripting application, by leveraging the native SOA architecture of the product.
  • Commitment to open standards: It leverages industry standards such as JEE, Spring, JAAS, web services/SOAP, EJB, servlet/JSP, JMX and Struts.

JOSSO comprises three main components:

  • SSO Gateway (IdP): The SSO server, also known as the Identity Provider, responsible for acting as the web access management authority for SSO-enabled applications and their users.
  • SSO Agent: Handles the single sign-on use-cases and execution environment integration details for SSO-enabled applications. Agents consume Gateway identity services.
  • Partner application (SP): SSO-enabled web application, also known as Service Provider, that relies on the SSO Agent and Gateway components for providing the Single Sign-On experience to users.

JOSSO Protocol Finite State Machine (FSM)