JOSSO

JOSSO is an open source Java single sign-on solution that allows multiple web applications to authenticate users through a centralized authentication system. It uses LDAP or JDBC to connect to credential stores and implements the Java Authentication and Authorization Service to authenticate users and control access. JOSSO supports single sign-on for a variety of applications and servers through standards-based protocols and APIs.
Copyright
© Attribution Non-Commercial (BY-NC)

JOSSO

Java Open Single Sign On (JOSSO) is a single sign-on solution for web applications. It is an open source Java EE based software for user authentication and authorization. The software is released under the GNU Lesser General Public License (LGPL).

Description

The framework allows multiple web servers/applications such as the Apache HTTP Server, Apache Tomcat, JBoss, ASP, PHP etc. to authenticate users against a credential store. JOSSO communicates with credential stores over the Lightweight Directory Access Protocol (LDAP) or a JDBC connection. JOSSO exposes Single Sign On services using SOAP over HTTP, allowing it to integrate easily with non-Java applications. JOSSO implements JAAS (Java Authentication and Authorization Service) to authenticate users and enforce access controls upon them.

JOSSO is an Open Source Internet SSO solution for rapid and standards-based (SAML) Internet-scale Single Sign-On implementations, allowing secure Internet access to the Web-based applications or services of customers, suppliers, and business partners.

Main Features

- J2EE, Spring and Windows Transparent cross-domain/cross-organization Single Sign-On
- SAML support for seamless Internet/Federated SSO experience
- Bundled with GUI Console for a purely point-and-click setup and administration experience
- Pluggable Framework to allow the implementation of custom identity components using Spring or built-in IoC container.
- "5 minutes" on-the-fly set-up and deployment through custom "enhancement" console
- Runs in Apache Tomcat.
- Runs in JBoss application server.
- Runs in BEA WebLogic 8, 9 and 10 application server
- Runs in Websphere CE application server
- Runs in Apache Geronimo application server
- Runs in Windows IIS as an ISAPI connector
- Runs in any JASPI-compatible (JSR196) container such as JBoss 5 and GlassFish
- Out-of-the-box compatibility with Liferay Portal, JBoss Portal, JBoss GateIn Portal, Alfresco CMS, OpenCMS, Wavemaker and phpBB
- Native Apache Http 2.x support, thus enabling transparent SSO with Ruby, PHP, Python, Perl, etc. applications
- Integrates with Spring Security for enabling fine-grained authorization.
- Provides Identity information to Web applications and EJBs through the standard Servlet and EJB Security API respectively.
- Supports Strong Authentication using X.509 client certificates.
- Windows Authentication
- LDAP support for storing user information and credentials.
- Database support for storing user information and credentials.
- Includes virtual directory functionality for allowing authentication against multiple disparate identity silos
- "Remember Me" support
- Password reset support
- Client API for PHP. This allows building SSO-enabled PHP applications.
- Client API for Microsoft ASP. This allows building SSO-enabled ASP applications.
- Out-of-the-box branding support
- Compatibility with Apache Pluto Portlet Container
- Standard Based: JAAS, Web Services/SOAP, EJB, Struts, Servlet/JSP, J2EE.
- 100% Java

JOSSO2 is the second generation of the JOSSO product line. This generation is an all-in-one solution that enables end-to-end delivery of Internet/Federated Single Sign-On settings, building on a purely model-driven approach for lowering the entry barrier and shortening time-to-value.

If you have a rather standard and controlled setting and are looking to implement it as an out-of-the-box experience with little involvement from IT, JOSSO2 might be the right choice for you. JOSSO2 might also help in delivering an internet-scale SSO solution, hence involving external/cloud-based partner sites (e.g. suppliers, remote branches, etc.) potentially having their own single sign-on back-end.

If you have a more custom scenario, such as needing to implement a custom SSO plug-in in order to support, for instance, non-orthodox identity sources or authentication mechanisms, JOSSO1 might be a better choice. Moreover, you'll have better chances of getting free support from the large community of adopters that the project has won during its 6 years of life.

JOSSO, or Java Open Single Sign-On, is an open source J2EE and Spring-based SSO infrastructure that aims to provide a solution for centralized, platform-neutral user authentication and authorization.

JOSSO addresses web single sign-on based on these concepts

- Pluggable framework: It provides a component-centric infrastructure that makes it possible to leverage existing user identity repositories and authentication mechanisms. Custom access management plugins can be implemented in an out-of-the-box fashion using the POJO component model and injected using the Spring configuration format.
- Non intrusive 0% development: SSO-enabled web applications don't have to depend on any proprietary Single Sign-On API. JOSSO handles the whole authentication flow transparently, propagating the security context to web and EJB tiers for consumption using the standard JEE interfaces.
- Wide Application Container Support: End-to-End declarative integration with Tomcat, JBoss, Weblogic and Apache Httpd server.
- Spring Friendly: Can be deployed on top of the Spring IoC container and leveraged as the default SSO implementation of the Spring Security layer. It can provide fine-grained authorization services to SSO-enabled Spring security applications.
- Middleware-free Cross-domain/Cross-organization SSO: Federated settings between organizations can be implemented without deploying additional hardware or software middleware such as reverse proxies.
- Cross-platform: It allows the integration of Java and non-Java applications, such as PHP, Microsoft ASP and any server-side scripting application, by leveraging the native SOA architecture of the product.
- Commitment to open standards: It leverages industry standards such as JEE, Spring, JAAS, web services/SOAP, EJB, servlet/JSP, JMX and Struts.

JOSSO comprises three main components

- SSO Gateway (IdP): The SSO server, also known as the Identity Provider, responsible for acting as the web access management authority for SSO-enabled applications and their users.
- SSO Agent: Handles the single sign-on use-cases and execution environment integration details for SSO-enabled applications. Agents consume Gateway identity services.
- Partner application (SP): An SSO-enabled web application, also known as a Service Provider, that relies on the SSO Agent and Gateway components for providing the Single Sign-On experience to users.

JOSSO Protocol Finite State Machine (FSM)

Introduction

This guide will explain how to integrate your own user and roles database with JOSSO, using basic authentication to validate user identity. It provides a specific example, but you could use another persistence mechanism and data structure. Make sure that the required JDBC driver is deployed in the gateway. If you branded the gateway, you can add the resource to your custom gateway project.

Create the user and roles database schema

Using your own data structure

If you already have your own database schema, this step is not required. You should instead modify the SQL queries in the Identity Store configuration so that users and roles can be obtained.

Let's assume that you don't have user and role tables. We must then create 3 tables:

- JOSSO_USER: contains all the users that will be able to sign on.
- JOSSO_ROLE: contains all the roles to which users can be associated.
- JOSSO_USER_ROLE: contains the roles associated with each user.
- JOSSO_USER_PROPERTY: contains additional properties of the user, like personal data, etc.

Let's have a look at the ER Diagram:
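
As an added example (not taken from the JOSSO documentation), the sketch below creates the four tables in an in-memory SQLite database and runs the kind of parameterized lookups an identity store needs for credentials, roles and properties. The column names, the SQLite dialect, the sample rows and the function names are assumptions, since the page names only the tables.

```python
import sqlite3

# Assumed column layout: the page names the four tables but not their columns.
SCHEMA = """
CREATE TABLE JOSSO_USER (
    LOGIN    TEXT PRIMARY KEY,
    PASSWORD TEXT NOT NULL   -- assumption: holds a password digest, not cleartext
);
CREATE TABLE JOSSO_ROLE (
    NAME TEXT PRIMARY KEY
);
CREATE TABLE JOSSO_USER_ROLE (
    LOGIN TEXT NOT NULL REFERENCES JOSSO_USER(LOGIN),
    NAME  TEXT NOT NULL REFERENCES JOSSO_ROLE(NAME),
    PRIMARY KEY (LOGIN, NAME)
);
CREATE TABLE JOSSO_USER_PROPERTY (
    LOGIN TEXT NOT NULL REFERENCES JOSSO_USER(LOGIN),
    NAME  TEXT NOT NULL,
    VALUE TEXT NOT NULL,
    PRIMARY KEY (LOGIN, NAME)
);
"""

# Hypothetical lookup queries; the '?' placeholder keeps the login out of the SQL text.
CREDENTIAL_QUERY = "SELECT LOGIN, PASSWORD FROM JOSSO_USER WHERE LOGIN = ?"
ROLES_QUERY = "SELECT NAME FROM JOSSO_USER_ROLE WHERE LOGIN = ? ORDER BY NAME"
PROPERTIES_QUERY = "SELECT NAME, VALUE FROM JOSSO_USER_PROPERTY WHERE LOGIN = ?"

def build_sample_store():
    """Create the schema and load constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # enforce the user/role references
    db.executescript(SCHEMA)
    db.execute("INSERT INTO JOSSO_USER VALUES (?, ?)", ("alice", "<digest-placeholder>"))
    db.executemany("INSERT INTO JOSSO_ROLE VALUES (?)", [("admin",), ("user",)])
    db.executemany("INSERT INTO JOSSO_USER_ROLE VALUES (?, ?)",
                   [("alice", "user"), ("alice", "admin")])
    db.execute("INSERT INTO JOSSO_USER_PROPERTY VALUES (?, ?, ?)",
               ("alice", "email", "alice@example.test"))
    return db

def load_identity(db, login):
    """Return the stored digest, roles and properties for a login, or None."""
    row = db.execute(CREDENTIAL_QUERY, (login,)).fetchone()
    if row is None:
        return None
    roles = [r[0] for r in db.execute(ROLES_QUERY, (login,))]
    props = dict(db.execute(PROPERTIES_QUERY, (login,)).fetchall())
    return {"login": row[0], "password_digest": row[1], "roles": roles, "properties": props}
```

With an existing schema, only the three query strings change; the composite keys and foreign-key references are what keep role and property rows tied to a real user.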
