Scribd Logo
Hochladen

Willkommen bei Scribd!

  • WIM General User's Guide: Description

    Hochgeladen von

    Rosario Turco
    51 Ansichten4 Seiten
    WIM is a simple and secure system with SSO, https and a policy server (SPOS) for web applications. It is suitable for small and medium enterprises, with low cost but high potential. WIM helps you to centralize the username/password cycle provisioning on SPOS, to assign a profile at the user on each Web applications (the user can have different profiles, one on each system), to have encrypted password, to change the expired passwords (each three months). WIM also offers an agent CPOS for login authentication in https and API for SSO.

    Originaltitel

    Web Identity Manager

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    WIM is a simple and secure system with SSO, https and a policy server (SPOS) for web applications. It is suitable for small and medium enterprises, with low cost but high potential. WIM helps you to centralize the username/password cycle provisioning on SPOS, to assign a profile at the user on each Web applications (the user can have different profiles, one on each system), to have encrypted password, to change the expired passwords (each three months). WIM also offers an agent CPOS for login authentication in https and API for SSO.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    51 Ansichten4 Seiten

    WIM General User's Guide: Description

    Hochgeladen von

    Rosario Turco
    WIM is a simple and secure system with SSO, https and a policy server (SPOS) for web applications. It is suitable for small and medium enterprises, with low cost but high potential. WIM helps you to centralize the username/password cycle provisioning on SPOS, to assign a profile at the user on each Web applications (the user can have different profiles, one on each system), to have encrypted password, to change the expired passwords (each three months). WIM also offers an agent CPOS for login authentication in https and API for SSO.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 4

    WIM General User’s Guide

    Rosario Turco (Naples – Italy) rosario_turco@virgilio.it

    Description
    When we have got a Web Application, we also have many questions:

    1. How can we protect the Web Application


    System?

    2. How can we get the profiling capabilities


    and maintain the provisioning of users externally
    at the Web Application System?

    3. How can we obtain the association


    between functionality and profile of user?

    1
    WIM accelerate your development:

    1) It is a external framework , you can use and attach at your web applications.

    2) You must only design your web applications, keeping in mind the security constraints of WIM, so you can
    maximize the potential of WIM.

    3) WIM is a simple and secure system with SSO, https and a policy server (SPOS) for web applications. It is
    suitable for small and medium enterprises, with low cost but high potential. WIM helps you to centralize
    the username/password cycle provisioning on SPOS, to assign a profile at the user on each Web
    applications (the user can have different profiles, one on each system), to have encrypted password, to
    change the expired passwords (each three months). WIM also offers an agent CPOS for login
    authentication in https and API for SSO.

    SPOS is a Simple Policy Server (SPOS.war), with KBFE (Knowledge Base Framework Engine) and Tomcat
    technology. It must be centralized for all system application.

    CSPOS is the agent, the client of SPOS (CSPOS.war), with Tomcat & Struts2 Interceptor technology. It must
    be installed on each system application.

    You can introduce or no, AFPS. AFPS (Associated Functionality & Profile Server) can use KBFE (See KBFE
    User’s Guide on SourceForge; in the software of WIM you have kbfe.jar) to model an ontology for
    Functionality, Profile and relation. In this case you models with Protegè your ontology. You can develop
    AFPS yourself or if you want, you can also use a database for this. The database must have a table for
    functionality, a table for profile, a table of association.

    The software is available on http://rturco.users.sourceforge.net/

    2
    SPOS configuration
     Under %CATALINA_HOME%/bin make two directory: dbinfo and dbquery
     Under %CATALINA_HOME%/bin put KBFE.properties, log4j.properties,SPOS.owl

    SPOS.owl is a template that you can modify with Protegè 4.1 (download it for this) for username, profile
    and system; but to function properly it must remain as it is in the structure modeling.

     Verify that %CATALINA_HOME% is configured in the environment (Windows o Unix)


     Unzip jdom.zip and pellet-2.2.2 for example in C: or on filesystem Unix
     Modify %CATALINA_HOME%/bin the file startup.bat (or .sh on Unix) for example:
    @rem Set Pellet Home
    set PELLET_HOME=C:\pellet-2.2.2
    @rem Set JDOM Home
    set JDOM_HOME=C:\jdom
    set KBFE_HOME=C:\kbfe
    @rem Set CLASSPATH
    set CLASSPATH=%CLASSPPATH%;%JENA_HOME%\lib\jena-2.6.4.jar;%JENA_HOME%\lib\slf4j-log4j12-1.5.8.jar;%JENA_HOME%\lib\slf4j-
    api-1.5.8.jar;%JENA_HOME%\lib\xercesImpl-2.7.1.jar;%JENA_HOME%\lib\iri-0.8.jar;%JENA_HOME%\lib\icu4j-
    3.4.4.jar;%JENA_HOME%\lib\arq-2.8.7.jar;%PELLET_HOME%\lib\pellet-cli.jar;%PELLET_HOME%\lib\pellet-
    core.jar;%PELLET_HOME%\lib\pellet-datatypes.jar;%PELLET_HOME%\lib\pellet-dig.jar;%PELLET_HOME%\lib\pellet-
    el.jar;%PELLET_HOME%\lib\pellet-explanation.jar;%PELLET_HOME%\lib\pellet-jena.jar;%PELLET_HOME%\lib\pellet-
    modularity.jar;%PELLET_HOME%\lib\pellet-owlapi.jar;%PELLET_HOME%\lib\pellet-owlapiv3.jar;%PELLET_HOME%\lib\pellet-
    pellint.jar;%PELLET_HOME%\lib\pellet-query.jar;%PELLET_HOME%\lib\pellet-rules.jar;%PELLET_HOME%\lib\pellet-
    test.jar;%PELLET_HOME%\servlet.jar;%JDOM_HOME%\lib\ant.jar;%JDOM_HOME%\lib\jaxen.jar;%JDOM_HOME%\lib\saxpath.jar;%JDO
    M_HOME%\lib\xalan.jar;%JDOM_HOME%\lib\xerces.jar;%JDOM_HOME%\lib\xml-apis.jar;%JDOM_HOME%\build\jdom.jar
     Put SPOS.war under %CATALINA_HOME%/webapps
     Start Tomcat, so SPOS.war is exploded in a directory
     Stop Tomcat
     Copy the content of lib.zip in %CATALINA_HOME%/webapps/WEBINF/lib
     Use Startkey.jar in this mode:
    java –jar Startkey.jar %CATALINA_HOME%/bin
    You obtain Start.Key in %CATALINA_HOME%/bin/dbinfo that contains the encrypted key to encrypt
    the passwords.

    Now the installation is completed, but now you must configure the username, profile and system with
    Protegè. when you set up a username the first time, put:

     a expiration_date very old


     encrypted password = username, so you get that the user changes the password the first time.

    For encrypted password = username you can use the SetInitialPsw.jar in this mode:

    java –jar SetInitialPsw.jar %CATALINA_HOME%\bin <username>

    In SPOS.owl there are some examples of setting, but when you generate your SPOS.key you must change
    the passwords of the examples, because SPOS.key is random and different of my examples.

    For expiration_date you must use this format for example:

    <expiration_date rdf:datatype="http://www.w3.org/2001/XMLSchema#dateTime">1888-02-01T00:00:00.000</expiration_date>

    The profiles in this example are: ADM (administrator), OPE1 (operator 1), OPE2, OPE3, but you can add
    other profiles or change.
    3
    CSPOS configuration
    CSPOS is the agent that you must configure on each system for authentication.

     Under %CATALINA_HOME%/bin put CSPOS.properties, log4j.properties


     Put CSPOS.war under %CATALINA_HOME%/webapps
     Start Tomcat, so CSPOS.war is exploded in a directory
     Stop Tomcat
     Copy the content of lib.zip in %CATALINA_HOME%/webapps/WEBINF/lib

    In CSPOS dir you see in resourse struts.xml and index.jsp in WebContent.

    Where do we attach our web application?


    index.jsp is only an example but you mut substitute it with your main servlet. In your main servlet you must
    control on the session if username, profile, oursystem aren't null, otherwise you must do
    response.sendRedirect("Logout.jsp") or response.sendRedirect("Login.jsp").

    Then you must write your servlet in file struts.xml in substitution of index.jsp (See in WebContent of
    CSPOS.war).

    The PROFILE parameter you can get from session.getAttribute("PROFILE") for you application. CPOS sets
    USERNAME, PROFILE and OURSYSTEM, which your main servlet must read on the session.

    Can we change the layout of Login page?


    Yes, you can customize the Login.jsp with layout of your web application. You must open the war and
    substitute Login.jsp with yours.

    Where is Logout?
    You must insert the logout in each page of your application. An example of Logout is here.

    <p>
    <p>
    <a href="<%= request.getContextPath() %>/logout.action">Logout</a>
    <p><p>
    <b>

    Suggest
    You must made your Web Application keeping in mind the security constraints of WIM, so you can
    maximize the potential of WIM.

    SSL configuration SPOS e CSPOS


    You must configure SPOS and CSPOS with SSL. A tutorial is http://techtracer.com/2007/09/12/setting-up-
    ssl-on-tomcat-in-3-easy-steps/

    Das könnte Ihnen auch gefallen