52n WAS: Authenticate users and return a SAML ticket

The 52n Web Authentication Service (WAS) provides a standardized means to authenticate users (or more generally speaking: clients). On successful authentication it returns a SAML (Security Assertions Markup Language) compliant authentication assertion. This XML formatted, digitally signed document may serve as a general proof of a client's identity for any application. In the 52n Security System suite the "SAML ticket" the standard way to authenticate at a WSS to get access to a protected service.

The WAS specification (originating from the german regional spatial data infratructure "GDI NRW") does not dictate the kind and/or format of the user repository that is used to authenticate users. It is also designed to support any kind of authentication method (password-based, signature cards etc.) to be used for the authentication process. Of course, the 52n implementation of the WAS can only implement a small selection of possible methods and user repositories. The current implementation supports:

Authentication methods

• password-based authentication

User repositories

• custom XML file where users/password/roles are defined (default)
• custom SQL database, accessible via JDBC

Extensibility!

The WAS implementation makes it easy to support more than the current available authentication methods and user repositories. Go here to see how to bind your own implementations.

The WAS provides a simple HTTP GET/POST based protocol that is described here.