Web services security with OpenAM (between Node.js as client and Java Jax-ws as provider)
Question
We are working on a project that is built with SOA(Service-oriented architecture) using SOAP web services.
We want to use OpenAM as identity server for authentication and authorization .
We want to implement single sign on for user authentication with OpenAM.
Our web services are written using JAX-WS (Java). And we have web service client application acting as proxy which is built with NodeJS.
We implemented SSO with passport-saml library.OpenAM sends SAML bearer token with user claims.Then I must establish secure connection between NodeJS soap client and Jax-ws service provider based on user's claims which returned to me from OpenAM.
My question is :How I can/must setup secure connection between service client application(NodeJS) and service proivder application (Java) via OpenAM ?I saw there are STS service in OpenAM for web services security.But it uses custom sdk which was written in Java. I can't use it because my service client application is written in NodeJS. What is the best scenario for handling this case?
1 answers
solution1
0 ACCPTED 2015-11-21 18:32:39
So, I figured out a way for this task. Using JWT and validating sessions with OpenAM.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.