JsonSSO
- Single sign-on (SSO) and shared session
management for Ajax web applications - Scripting friendly JSON interface
- Ties to Json2Ldap
SSO for Ajax and cross-domain web apps
JsonSSO is a nimble web service for supplying Single Sign-On (SSO) and session management to modern Ajax / Web 2.0 applications which combine bits of data and services from multiple sources, often residing on different domains. The case is simple: Monolithic web apps are rather cumbersome; the wise approach to staying scalable, efficient and sexy is by adhering to an architecture where a rich web UI calls upon an array of lightly coupled web services, each with its own precisely scoped job and API.
JsonSSO providing single sign-on and session management to Ajax apps:
1) JsonSSO receives a sso.login request from the browser and returns a session token (SID)
upon successful user authentication. 2) The browser passes the SID with each application or
service request. 3) The web app / services verify the SID with JsonSSO and retrieve the user's
identity.
We speak JSON
JsonSSO is a NoXML inspired solution. Its web API speaks JSON which is readily consumed by JavaScript and other applications.
| Example JSON-RPC request to login a user |
|---|
{
"method" : "sso.login",
"params" : { "user" : "alice@wonderland.net",
"password" : "s3cr3t" },
"id" : "0001",
"jsonrpc" : "2.0"
}
|
Cross-domain capability
JsonSSO as all other NimbusDS products supports cross-domain XHR through the emerging Cross-Origin Resourse Sharing (CORS) W3C standard. CORS is supported by all major browsers today, such as Firefox (3.5+), IE (8+), Chrome (3+) and Safari (4+).
|
Check out our open source CORS servlet filter if you intend to build conforming Java web services. |
Efficient shared session management
Upon successful user login JsonSSO returns a session identifier (SID) which can be passed to the participating back-end services to retrieve the user's identity and keep track of the session. Each service may also register a callback to be notified when the user logs out or his session expires. This frees the services from the task of user session tracking.
The JsonSSO's URL and the session identifier (SID) string - that's all you need to identify a user across your Ajax services.
URL: https://my.org/services/jsonsso/ SID: 5b2b3e3c-b9db-4ec0-afd4-22c2688a7dfb
To make session queries fast JsonSSO employs a highly concurrent and efficient in-memory data store. In a future version this will become extensible to multiple servers using Memcached / Membase technology.
LDAP authentication through Json2Ldap
JsonSSO authenticates users against an LDAPv3 compatible directory, such as Microsoft Active Directory, Novell eDirectory or OpenLDAP, through the Json2Ldap gateway / proxy. Connecting to a directory through a Json2Ldap web service instead of directly has two advantages:
- Flexibility The Json2Ldap service with its back-end LDAP directory can reside across the web in a different location. This makes JsonSSO a cloud and SaaS friendly solution.
- Directory access The JsonSSO web clients can be optionally provided with an LDAP connection (through Json2Ldap) bound (authenticated) as the logged-in user, to allow retrieval of various user attributes from the directory and to perform authorised operations such as details update and password change.
Json2Ldap provides a web API for accessing the LDAP user store
Download
Ready to try out JsonSSO? You are welcome to download an evalution copy. No registration is required for that.
JsonSSOThe software comes in a standard WAR package ready for immediate deployment. Check out the installation instructions for details.
AuthService is offered under an affordable licence which includes 24 months of maintenance, updates and our support. Discounts are available if you wish to run multiple instances or would like to integrate AuthService into your own product or service offerings. We also offer various dedicated services such as integration assistance, training and custom add-on development. Get in touch with sales to request a quote.
