JOSSO, or Java Open Single Sign-On, is an open source J2EE and Spring-based SSO infrastructure aimed to provide a solution for centralized, platform neutral, user authentication and authorization.
- Pluggable framework: It provides a component-centric infrastructure that allows to leverage existing user identity repositories and
authentication mechanisms. Custom access management plugins can be implemented in an out-of-the-box fashion using the POJO component model and injected using the Spring configuration format.
- Non intrusive 0% development: SSO-enabled web applications don't have to depend on any proprietary Single Sign-On API. JOSSO handles the whole authentication flow transparently, propagating the security context to web and EJB tiers for consumption using the standard JEE interfaces.
- Wide Application Container Support: End-to-End declarative integration with Tomcat, JBoss, Weblogic and Apache Httpd server.
- Spring Friendly: Can be deployed on top of the Spring IoC container and leveraged as the default SSO implementation of the
Spring Security layer. It can provide fine-grained authorization services to SSO-enabled Spring security applications.
- Middleware-free Cross-domain/Cross-organization SSO: Federated settings between organizations can be implemented without deploying additional hardware nor software middleware such as reverse proxies.
- Cross-platform: It allows the integration of Java and non-Java applications, such as PHP, Microsoft ASP and any server-side scripting application, by leveraging the native SOA architecture of the product.
- Commitment to open standards: It leverages industry standards such as JEE, Spring, JAAS, web services/SOAP, EJB, servlet/JSP, JMX and Struts.
- SSO Gateway (IdP): It's the SSO server, also known as Identity Provider, responsible of acting as a the web access management authority for SSO-enabled applications and their users.
- SSO Agent: Handles the single sign-on use-cases and execution environment integration details for SSO-enabled applications. Agents consume Gateway identity services.
- Partner application (SP): SSO-enabled web application, also known as Service Provider, that relies on the SSO Agent and Gateway components for providing the Single Sign-On experience to users.