Enterprise Sign On Engine
The Enterprise Sign On Engine is an open source platform for single sign on, access control and federation. It was originally built for the Queensland University of Technology and subsequently made available to all under the Apache 2.0 license.

ESOE is standards based, complying with SAML 2.0 and implementing a significant subset of XACML 2.0. The core server system is developed in Java, while connectivity to services is achieved through provided SAML service provider software for Apache Tomcat/JBoss, Apache Web Servers and Microsoft IIS.

Further to this, ESOE is able to act as a hub for identity protocols and is able to translate tokens from Shibboleth and OpenID to its internal SAML 2.0 token type.

The design goals of ESOE are such that it should interact with any type of service and even aggregate identity data across them. Support for LDAP-compliant servers and Microsoft Active Directory is implemented as reference plugins for the authentication 'pipeline'.

Architecture

The underlying architecture of ESOE is such that all modules are able to be removed, replaced or reimplemented to suit a specific deployment. This is achieved with heavy utilization of the Spring Framework and interface-driven design. Development is carried out using Agile principles and the software includes hundreds of automated test cases.

For added flexibility each core part of the system has been developed using a pluggable pipeline approach. This means that authentication, identity and SSO events must each traverse a pipeline of plugins which all perform different tasks. This allows organizations to add functionality specific to their deployment while still taking advantage of the core logic.

The entire system is built using a centralized ESOE Build system which relies on Apache Ant. Dependencies in the system are automatically maintained by heavy integration with Apache Ivy. Eclipse is the preferred development environment. All code is stored in Subversion.

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 