Daniel Doubrovkine (dblock[at]dblock[dot]org)
Single Sign-On w/ Tomcat & WAFFLE
6/8/2010
Tomcat -> Waffle ->
Single Sign-On with Waffle
Presentation about Waffle SSO.

Published in: Software

Slide transcript (each slide carries the footer www.appsecinc.com)

Slide 2: FORM Authentication
GET /index.jsp
304 Redirect
Location: login.jsp
...
POST /login.jsp
j_username=…;j_password=…
200 OK
Hello <%# username %>

Slide 3: HTTP Authentication
GET /index.jsp
401 Access Denied
WWW-Authenticate: Basic
WWW-Authenticate: NTLM
...
GET /index.jsp
Authorization: Basic JFRFdPUktHUk9VUA==
200 OK
Hello <%# username %>

Slide 4: Authorization Methods
● BASIC: Base64(username:password)
● DIGEST: Md5(HA1(HA2(…)))
● NTLM: LM Challenge/Response
● Kerberos: KB Tickets
● Negotiate: NTLM or Kerberos

Slide 5: Tomcat, Jetty, etc.
● Servlet Filter: catch-all
● Tomcat Authenticator: authentication method
● SPI Login Module: authentication provider
● Realm: authorizes users; a database of users and roles
● User Database
● JAAS Realm: Java Authentication and Authorization Service
● …

Slide 6: Demo: FORM
● How: Login Module + JAAS Realm
● Authentication Method = FORM
● Username, password from FORM
● Windows Logon
● Groups => Roles

Slide 7: Demo: JAAS
● How: Login Module + JAAS Realm
● Authentication Method = BASIC
● Username, password from browser
● Windows Logon
● Groups => Roles

Slide 8: Demo: Negotiate
● How: Authenticator Valve
● Authentication Method = Negotiate
● Windows Realm
● Single Sign-On

Slide 9: Demo: Negotiate + Basic Filter
● How: Security Filter
● Authentication Method = Negotiate or BASIC
● Single Sign-On

Slide 10: Demo: Mixed-Mode
● How: Authenticator Valve
● Authentication Method = FORM or Negotiate
● Single Sign-On
● URL-based Protocol

Slide 11: Open Source
● WAFFLE = Windows Authentication Functional Framework Bla Bla Bla
● http://waffle.codeplex.com
Questions?
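The two exchanges on slides 2 and 3 (FORM login via a redirect to login.jsp and a j_username/j_password POST; HTTP authentication via a 401 carrying WWW-Authenticate: Basic and WWW-Authenticate: NTLM) and the BASIC encoding on slide 4 (Base64 of username:password), replayed server-side as an added Python example. This is not code from the deck or from WAFFLE: it assumes a constructed in-memory user store in place of Windows logon, models requests and responses as plain dicts, emits 302 Found for the redirect to the login page, and treats NTLM/Negotiate tokens as opaque (it only validates Basic and re-challenges everything else, which is the case WAFFLE exists to handle).

```python
import base64
import binascii
import hmac

# Constructed demo user store. The WAFFLE demos on slides 6-10 validate against
# Windows logon instead; this stand-alone example does not reproduce that.
USERS = {"alice": "s3cret"}

# Schemes advertised to an unauthenticated client, in the order slide 3 lists them.
CHALLENGE_HEADERS = [("WWW-Authenticate", 'Basic realm="demo"'), ("WWW-Authenticate", "NTLM")]


def check_password(username, password):
    """Constant-time comparison against the demo store (hypothetical helper)."""
    expected = USERS.get(username)
    if expected is None:
        # Compare anyway so an unknown user costs the same time as a wrong password.
        hmac.compare_digest(b"", password.encode())
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def parse_basic(authorization):
    """Decode 'Authorization: Basic Base64(username:password)' (slide 4).

    Returns (username, password), or None when the scheme is not Basic or the
    token is malformed, so the caller falls back to re-challenging the client.
    """
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # RFC 7617: the user-id cannot contain ':'; everything after the first ':' is the password.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password


def http_auth(request):
    """Slide 3: answer 401 + WWW-Authenticate until a valid Authorization header arrives."""
    authorization = request["headers"].get("Authorization")
    creds = parse_basic(authorization) if authorization else None
    # NTLM/Negotiate tokens are an opaque multi-round exchange handled by the OS
    # (WAFFLE's job); this example validates Basic only and re-challenges the rest.
    if creds is None or not check_password(*creds):
        return {"status": 401, "headers": CHALLENGE_HEADERS, "body": "Access Denied"}
    return {"status": 200, "headers": [], "body": f"Hello {creds[0]}"}


def form_auth(request, session):
    """Slide 2: redirect to login.jsp, accept the j_username/j_password POST, then serve the page."""
    if request["method"] == "POST" and request["path"] == "/login.jsp":
        form = request.get("form", {})
        if check_password(form.get("j_username", ""), form.get("j_password", "")):
            session["user"] = form["j_username"]
            target = session.pop("return_to", "/index.jsp")
            return {"status": 302, "headers": [("Location", target)], "body": ""}
        return {"status": 401, "headers": [], "body": "Login failed"}
    if "user" not in session:
        session["return_to"] = request["path"]  # where to send the user after login
        return {"status": 302, "headers": [("Location", "/login.jsp")], "body": ""}
    return {"status": 200, "headers": [], "body": f"Hello {session['user']}"}


def demo():
    """Replay both exchanges with constructed requests; return the status codes seen."""
    session = {}
    form_codes = [
        form_auth({"method": "GET", "path": "/index.jsp", "headers": {}}, session)["status"],
        form_auth({"method": "POST", "path": "/login.jsp", "headers": {},
                   "form": {"j_username": "alice", "j_password": "s3cret"}}, session)["status"],
        form_auth({"method": "GET", "path": "/index.jsp", "headers": {}}, session)["status"],
    ]
    token = base64.b64encode(b"alice:s3cret").decode()
    http_codes = [
        http_auth({"method": "GET", "path": "/index.jsp", "headers": {}})["status"],
        http_auth({"method": "GET", "path": "/index.jsp",
                   "headers": {"Authorization": "Basic " + token}})["status"],
    ]
    return form_codes, http_codes


if __name__ == "__main__":
    print(demo())  # ([302, 302, 200], [401, 200])
```

Two details worth noticing: the 401 response carries both challenge headers every time, including after a failed Basic attempt, so a browser can still choose NTLM; and the Basic parser rejects non-Base64 tokens and empty user-ids before any password comparison runs.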