Re-engineering of web reverse proxy with shibboleth authentication

Author

Haron, Galoh Rashidah ; Maniam, D. ; Sadasivam, V. ; Wong Hon Loon

Author_Institution

Inf. Syst. Security Lab., MIMOS, Kuala Lumpur, Malaysia

fYear

2012

fDate

10-12 Dec. 2012

Firstpage

325

Lastpage

330

Abstract

Majority of web authentication is implemented using username and password mechanism. How about leveraging the Shibboleth authentication advantages as an alternative to username and password based authentication to access a live web site? This challenge is trivial if, the codes that built the external web sites are permissible to be modified. In a case where no access on the codes is available, we introduce a reverse proxy as a middleware between the Shibboleth and the web sites. As part of the solution, we re-engineer the existing web reverse proxy and create Java classes that manage and perform automated authentication to access the web site. We share the development experiences in completing the challenge which is assisted by the open source development efforts.

Keywords

Java; Web sites; authorisation; message authentication; middleware; reverse engineering; Java classes; Shibboleth authentication; Web authentication; Web reverse proxy re-engineering; Web site access; automated authentication; live Web site; middleware; open source development efforts; password based authentication; username based authentication; Authentication; Board of Directors; Browsers; Databases; HTML; MIMO; Web sites; Security Assertion Markup Language (SAML); Shibboleth; Single Sign-On (SSO); Web proxy;

fLanguage

English

Publisher

ieee

Conference_Titel

Internet Technology And Secured Transactions, 2012 International Conference for

Conference_Location

London

Print_ISBN

978-1-4673-5325-0

Type

conf

Filename

6470970