About This Documentation
NOTE: Ubisecure product names were unified in autumn 2011. All products which started with term "Ubilogin" were renamed to start with term "Ubisecure". In documentation this name change is implemented retroactively, i.e., the new naming practice is used also when referring to old software versions which started with term "Ubilogin" at the time of their release.
This guide describes how Ubisecure SAML Service Provider for Java (later Ubisecure SAML SP or SAML SP) is installed and configured on supported web and application servers.
The Ubisecure Ubisecure SSO (Single Sign-On) is an access management solution. The key functionality of Ubisecure SSO is to offer single sign-on to web applications with a selection of authentication methods to best serve the needs of the application or user level in question.
Ubisecure SAML SP for Java SSO Authentication Process
Ubisecure SAML SP for Java
An existing or new Java servlet application can be added to a SAML 2.0 based SSO system using SAML Service Provider for Java. Ubisecure SAML SP for Java enables the SAML 2.0 protocol based sign-on and logout processes on Java Servlet 2.3, 2.43.0 and 2.53.1 compliant web and application servers.
User information is passed to the Java application using the standard Java Servlet API function HttpServletRequest.getUserPrincipal. This function returns a java.security.Principal containing the name of the user making the request.
HttpServletRequest.getRemoteUser function returns a string containing the name of the user making the request.
The format of the user information is defined in the authorization policy of the Ubisecure SSO Server.
Ubisecure SSO Server versions beginning from 3.1 support the Oasis-Open's (http://www.oasis-open.org/) SAML 2.0 protocol. The trust model of Ubisecure and SAML is shown in Figure 1 below.
Ubisecure SSO Server acts as the Identity Provider and Ubisecure SAML SP implements the Service Provider.
|Figure 1. Client authenticates to the Identity Provider (IDP) and Service Provider (SP) |
trusts the assertions of IDP about Client's identity