• Browse
  • Pages
  • Blog
  • Labels
  • Attachments
  • Mail
  • Bookmarks
  • Activity
  • Advanced
• Log In

1. Dashboard
2. Open Source: Whydah
3. Whydah Home
4. Getting started

Getting started

Skip to end of metadata

• Page restrictions apply
• Added by Erik Drolshammer, last edited by Thor Henning Hetland on Jan 13, 2015  (view change)

Comment:

Go to start of metadata

For the security officer Whydah provides a secure and relatively quick way to make dousins of custom made aplications adhere to a reasonable secure SSO policy. By firewall configuration, proxy settings and URIs it is possible to put UserIdentityBackend in a "vault" to enforce role authenticity. Audit logging log evry change being made to roles and users. Read more about the Security in Whydah.

For the operations department Set up Whydah by installing a typical production environment. See the Whydah for production page. Try whydah on your machine. Also see Whydah for demo/test

For the app developer See the Integrating with Whydah. Try whydah on your machine.

For the java developer If you want to enhance Whydah, you should first verify that you understand how Whydah work by using one of the examples provided in the integration guide. Try whydah and trace on your machine. Then it is time to install Whydah development environment

Quick set-up (Using Docker on local machine)

• Install docker
• Start Whydah, ready for Integration
  Unknown macro: {code}

  sudo docker run -it -p 80:9999 -p 9990:9990 -p 9995:9995 -p 9996:9996 -p 9997:9997 -p 9998:9998 totto/whydah /usr/bin/supervisord

• Go to Whydah http://localhost/sso/welcome

Client code example

• (Example using Apache HTTP Components Fluent API and jOOX Fluent API)
  Unknown macro: {code}

  // Execute a POST to authenticate my application
  String appToken = Request.Post("https://sso.whydah.net/sso/logon")
  .bodyForm(Form.form().add("applicationcredential", myAppCredential).build())
  .execute().returnContent().asBytes();

  // authenticate with username and password (user credential)
  String usertoken = Request.Post("https://sso.whydah.net/sso/user/"appTokenID"/"new UserTicket(UUID.randomUUID()).toString()"/usertoken/")
  .bodyForm(Form.form().add("apptoken", appToken)
  .add("usercredential", new UserCredential(username,password).asXML()).build())
  .execute().returnContent().asBytes();

  // Execute a POST to SecurityTokenService with userticket to get usertoken
  String usertoken = Request.Post("https://sso.whydah.net/sso/user/"appTokenID"/get_usertoken_by_userticket/")
  .bodyForm(Form.form().add("apptoken", appToken)
  .add("userticket", userTicket).build())
  .execute().returnContent().asBytes();

  // That's all you need to get a full user database, IAM/SSO, Facebook/OAUTH support ++
  boolean hasEmployeeRoleInMyApp = $(usertoken).xpath("/usertoken/application[@ID="+myAppId+"]/role[@name=\"Employee\"");

Labels parameters

Labels:

None

Enter labels to add to this page:

 

Looking for a label? Just start typing.

3 Child Pages

Reorder Pages

Page: Why choose Whydah? Page: Planning and modelling access strategies Page: Usage scenarios

Powered by a free Atlassian Confluence Community License granted to Cantara AS. Evaluate Confluence today.

• Powered by Atlassian Confluence 3.5.17, the Enterprise Wiki
• Printed by Atlassian Confluence 3.5.17, the Enterprise Wiki.
•   |  Report a bug
•  |  Atlassian News