The cloud has brought us endless freedom and flexibility to create apps and services. It’s enabled global reach and access by anyone, anywhere, and at any time. So, how can you ensure your applications, especially your Java™ Enterprise Edition (Java EE) applications, and information are secure in the cloud?
Application security in the hybrid cloud
By having a hybrid cloud infrastructure, you can deploy front-end applications or services in the public cloud but keep your data in a safe private cloud. You can configure your cloud to avoid unwanted connections. Plus, you can scale the front end of a publicly accessed service, depending on the load, while protecting sensitive data. In this way, a hybrid cloud solution gives you and your company confidence in application security.
What about when you move your Java EE applications to the cloud? You might end up with different domains and application modules. You might also lose your established reverse proxy, clusters, and session affinity. You need to implement Java application security, role-based authorization, and single sign-on between the different domains, but how? The answer is cross-domain single sign-on.
Cross-domain single sign-on
To implement secure cross-domain single sign-on, you can use the Security Assertion Markup Language (SAML) standard. This standard provides a digitally signed assertion that contains a user name and user groups, with the signature based on asymmetric cryptography. By adopting the SAML standard, you can authenticate a user who lands on a web resource that is exposed by an application server without configuring that server to access a user registry. Moreover, you can propagate the signed SAML assertion to traditional web services (SOAP/HTTPS) applications.
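The following added example (not code from this article or from the linked series) shows in plain JDK Java why a signed assertion replaces the registry lookup: the service provider accepts the user name and group only if the signature verifies against the identity provider's public key, and rejects an assertion whose group was changed after signing. The class name, the user `alice`, the group values, and the simplified assertion (not schema-complete) are constructed for illustration.

```java
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SamlTrustDemo {
    static final String NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");

    static Element add(Element parent, String name, String text) {
        Element e = parent.getOwnerDocument().createElementNS(NS, "saml:" + name);
        e.setTextContent(text);
        return (Element) parent.appendChild(e);
    }

    // Service provider side: trusts only the IdP public key, consults no user registry.
    static String authenticate(Document doc, PublicKey idpKey) throws Exception {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(idpKey, sig);
        if (!F.unmarshalXMLSignature(ctx).validate(ctx)) return "REJECTED";
        // A production SP must also confirm the signed reference is the assertion it reads.
        return doc.getElementsByTagNameNS(NS, "NameID").item(0).getTextContent() + " in group "
             + doc.getElementsByTagNameNS(NS, "AttributeValue").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        KeyPair idp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // constructed IdP key
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Element a = (Element) doc.appendChild(doc.createElementNS(NS, "saml:Assertion"));
        a.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:saml", NS);
        a.setAttribute("ID", "a1");
        a.setIdAttribute("ID", true);                         // lets the "#a1" reference resolve
        add(a, "NameID", "alice");                            // constructed user name
        Element group = add(a, "AttributeValue", "managers"); // constructed group
        // Identity provider side: enveloped RSA-SHA256 signature over the assertion.
        Reference ref = F.newReference("#a1", F.newDigestMethod(DigestMethod.SHA256, null),
            List.of(F.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = F.newSignedInfo(
            F.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            F.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), List.of(ref));
        F.newXMLSignature(si, null).sign(new DOMSignContext(idp.getPrivate(), a));
        // First call sees the assertion as signed; second sees it after the group is altered.
        System.out.println(authenticate(doc, idp.getPublic()));
        group.setTextContent("admins");
        System.out.println(authenticate(doc, idp.getPublic()));
    }
}
```

On JDK 11 or later it runs directly with `java SamlTrustDemo.java`.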
To learn more about this solution and how you can use it, read the three-part series Cross-domain single sign-on using SAML 2.0 with WebSphere Liberty:
- Part 1: Configure a service provider-initiated SSO with identity propagation
- Part 2: Set up a secure hybrid cloud environment with IBM Bluemix
- Part 3: Integrate Microsoft Windows authentication by using SPNEGO
- SAML assertions across WebSphere Application Server security domains
- Understanding the WebSphere Application Server SAML Trust Association Interceptor
- Security-related articles for WebSphere Liberty in the WASDev Developer Center
- WebSphere Liberty (WASDev) Developer Center
- Java SDK Developer Center
- IBM Bluemix Developer Center