• Home
• Solutions
• Software
• Services
• About

• Software overview
• Json2Ldap
  • Overview
  • Online Demo
  • Applications
  • Quick Start
  • Specification
  • Configuration
  • Web API
  • Error Codes
  • Roadmap
  • FAQ
• AuthService
  • Overview
  • Quick Start
  • Specification
  • Configuration
  • Web API
  • Error Codes
• JsonSSO
  • Overview
  • Quick Start
  • Specification
  • Configuration
  • Web API
  • Error Codes
  • Roadmap
• Download

Lightweight JSON-RPC web service

JsonSSO is a lightweight JSON-RPC 2.0 web service for single sign-on (SSO) and shared session management. It accepts requests over HTTP(S) POST.

Json2Ldap

JsonSSO utilises a Json2Ldap web service instance to authenticate users against an LDAP v3 compatible directory. Other types of user stores (such as SQL DBs) are not directly supported.

Upon successful user login JsonSSO clients may be optionally provided with an LDAP connection (handled by the Json2Ldap web service). This connection, bound (authenticated) as the user, allows clients to query the LDAP directory, to retrieve various information about the user and perform other authorised operations, such as password change.

Web API

JsonSSO handles JSON remote procedure call (RPC) requests for login, logout and shared session management.

Login and logout	Session information	Session refresh
sso.login sso.logout	sso.getSession sso.getUserID sso.getUserDN	sso.refresh
Logout callbacks	Administration	Web service information
sso.addLogoutCallback sso.removeLogoutCallback sso.listLogoutCallbacks	sso.listSessions sso.listUsers sso.sessionCount sso.userCount sso.forceLogout	ws.getName ws.getTime ws.getVersion

Deployment

JsonSSO is packaged as a standard web application archive (WAR) ready for immediate deployment in a Java servlet container, such as the popular open source Apache Tomcat server.

Configuration

JsonSSO allows for comprehensive configuration by a set of parameters specified in the standard WEB-INF/web.xml web app descriptor file. See the JsonSSO configuration for details.

User identifier	Client interface
jsonsso.uidAttribute	jsonsso.clients.requireSecureAccess jsonsso.clients.requireCertificate jsonsso.clients.provideJson2LdapCID jsonsso.clients.responseContentType
Session settings	Logout callbacks
jsonsso.session.maxTime jsonsso.session.maxIdleTime jsonsso.session.quotaPerUser jsonsso.session.onQuotaExhaustion	jsonsso.logoutCallbacks.allow jsonsso.logoutCallbacks.quotaPerSession jsonsso.logoutCallbacks.maxMessageSize jsonsso.logoutCallbacks.numWorkerThreads
Json2Ldap details	LDAP server details
jsonsso.json2ldap.url jsonsso.json2ldap.trustSelfSignedCerts	jsonsso.ldapServer.useDefault jsonsso.ldapServer.url jsonsso.ldapServer.timeout jsonsso.ldapServer.security jsonsso.ldapServer.trustSelfSignedCerts
Administrator details	User DN resolution
jsonsso.admin.attributeName jsonsso.admin.attributeValue	jsonsso.dnResolution.method jsonsso.dnResolution.dnTemplate jsonsso.dnResolution.searchBaseDN jsonsso.dnResolution.searchScope jsonsso.dnResolution.searchFilter
Search user details
jsonsso.searchUser.dn jsonsso.searchUser.password
Logging	Cross-Origin Resource Sharing (CORS)
jsonsso.log4j.configurationFile	cors.allowGenericHttpRequests cors.allowOrigin cors.supportedMethods cors.supportedHeaders cors.exposedHeaders cors.supportsCredentials cors.maxAge

Logging

JsonSSO uses the popular log4j utility. Here are the event types that can be selectively logged (at various levels):

• On a HTTP request: method name, client IP, client X.509 certificate principal.
• On a JSON-RPC 2.0 request: method name, request parameters (but not passwords), response status (success or error code).
• Start, refresh and finish of user sessions.
• Internal JsonSSO exceptions.

Logging is configured through the WEB-INF/log4j.properties file.

System requirements and dependencies

JsonSSO requires a web server conforming to the Java servlet specification, such as Apache Tomcat or Jetty:

• Java 1.6+
• Java servlet API 2.5+

User store and authentication:

• Json2Ldap 2.1+
• LDAP v3 compatible directory

All package dependencies are included in the JsonSSO WAR file for convenience.

Change log

• version 1.0 (2011-04-13)
  • First official and stable release.
• version 1.1 (2011-04-27)
  • Allows for a configurable log4j properties file location.
  • Adds explicit Cross-Origin Resource Sharing (CORS) support.
  • Validates the jsonsso.clients.responseContentType configuration parameter using the javax.mail library.
• version 1.1.1 (2011-04-29)
  • Fixes missing check of the jsonsso.logoutCallbacks.allow parameter.
• version 1.1.2 (2011-05-20)
  • Updates JSON-RPC 2.0 Base JAR to 1.16.
• version 1.1.3 (2011-06-14)
  • Thread-safe parsing of JSON-RPC 2.0 requests.
  • Updates JSON-RPC 2.0 Base JAR to 1.17 (JSON Smart).
  • Updates UnboundID SDK JAR to 2.2.0.
  • Updates JSON-RPC 2.0 Shell to 1.7.
• version 1.2 (2011-12-27)
  • Makes compatible with Json2Ldap 2.1.
  • Introduces support for jsonsso.dnResolution.method NONE that utilises plain SASL bind.
  • Renames configuration parameter jsonsso.clients.requireHTTPS to jsonsso.clients.requireSecureAccess.
  • Merges configuration parameters jsonsso.ldapServer.host and jsonsso.ldapServer.port into jsonsso.ldapServer.url.
  • Cancels purge timer on JsonSSO shutdown.
  • Adds dependency to LDAP Util 1.0.
  • Updates UnboundID SDK JAR to 2.3.0.
  • Updates DN Resolver JAR to 1.2.
  • Updates JSON Smart JAR to 1.0.9-1.
  • Updates JSON-RPC 2.0 Base JAR to 1.24.
  • Updates JSON-RPC 2.0 Server JAR to 1.4.1.
  • Updates JSON-RPC 2.0 Client JAR to 1.6.
  • Updates Property Util JAR to 1.5.
  • Updates CORS Filter JAR to 1.3.1.
  • Updates JSON-RPC 2.0 Shell to 1.12.
• version 1.2.1 (2012-04-03)
  • Updates JSON Smart JAR to 1.1.1.
  • Updates JSON-RPC 2.0 Base JAR to 1.25.1.
  • Updates JSON-RPC 2.0 Server JAR to 1.5.1.
  • Updates JSON-RPC 2.0 Client JAR to 1.7.1.