OpenSSO and Secure Ticket Service (STS)
29/04/2010
Leave a comment
For one of our customers we’ve been working on securing their web services with Secure Ticket Service (STS). The setup involves a Liferay Portal that authenticates the users using OpenSSO Express 8. The portlets make SOAP calls to a JBoss 5.1 server that has some EJB’s exposed as a web service provider.
The principle behind STS is really simple. You don’t have to change your webservice provider, client or WSDL. Just plug the right client and server handler, configure OpenSSO and go!
On the SUN Development Blog there is an excellent walk through named Enabling Web Service Security with OpenSSO WSS Agent. This post is about our experience with this setup and the pitfalls we encountered.
Recent Comments