That’s not quite what Patrick Henry had in mind when he concluded his famous speech with: Give me liberty or give me death!

The cloud has brought us endless freedom and flexibility to create apps and services. It’s enabled global reach and access by anyone, anywhere, and at any time. So, how can you ensure your applications, especially your Java™ Enterprise Edition (Java EE) applications, and information are secure in the cloud?

Application security in the hybrid cloud

By having a hybrid cloud infrastructure, you can deploy front-end applications or services in the public cloud but keep your data in a safe private cloud. You can configure your cloud to avoid unwanted connections. Plus, you can scale the front end of a publicly accessed service, depending on the load, while protecting sensitive data. In this way, a hybrid cloud solution gives you and your company confidence in application security.

What about when you move your Java EE applications to the cloud? You might end up with different domains and application modules. You might also lose your established reverse proxy, clusters, and session affinity. You need to implement Java application security, role-based authorization, and single sign-on between the different domains, but how? The answer is cross-domain single sign-on.

Cross-domain single sign-on

To implement secure cross-domain single sign-on, you can use the Security Assertion Markup Language (SAML) standard. This standard provides a digitally signed assertion that contains a user name and user groups, with the signature based on asymmetric cryptography. By adopting the SAML standard, you can authenticate a user who lands on a web resource that is exposed by an application server without configuring that server to access a user registry. Moreover, you can propagate the signed SAML assertion to traditional web services (SOAP/HTTPS) applications.
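As an added illustration (not taken from the original post or from the series it points to), here is a WebSphere Liberty server.xml fragment for a SAML service provider that accepts only signed assertions and takes the user name and groups from the assertion instead of a local user registry. The metadata file location and the attribute name `groups` are assumptions for this sketch; use the values your identity provider actually issues.

```xml
<server description="SAML service provider (added example)">

    <featureManager>
        <feature>appSecurity-2.0</feature>
        <feature>samlWeb-2.0</feature>
    </featureManager>

    <!--
      idpMetadata: identity provider metadata, including the public
          certificate used to verify assertion signatures. The path is
          an assumed location for this example.
      wantAssertionsSigned="true": reject assertions without a signature.
          Setting this to false would let the server trust identity data
          that nobody has vouched for.
      signatureMethodAlgorithm="SHA256": do not fall back to SHA1.
      mapToUserRegistry="No": build the subject from the assertion alone,
          so no user registry has to be configured on this server.
      groupIdentifier: name of the SAML attribute that carries the user's
          groups ("groups" is an assumed attribute name). The user name
          comes from the assertion's NameID when userIdentifier is unset.
      clockSkew: tolerated clock difference when validity times are checked.
      httpsRequired="true": SAML messages are only accepted over HTTPS.
    -->
    <samlWebSso20 id="defaultSP"
        idpMetadata="${server.config.dir}/resources/security/idpMetadata.xml"
        wantAssertionsSigned="true"
        signatureMethodAlgorithm="SHA256"
        mapToUserRegistry="No"
        groupIdentifier="groups"
        clockSkew="5m"
        httpsRequired="true" />

</server>
```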

Next steps

To learn more about this solution and how you can use it, read the three-part series Cross-domain single sign-on using SAML 2.0 with WebSphere Liberty.
