Single Sign-On (SSO) - Enterprise Java Content management system - Hippo CMS

Single Sign-On (SSO)

Introduction

Goal

Understand how Hippo's architecture supports single sign-on integration in enterprise environments.

Background

Organizations who implement Hippo CMS in their enterprise environment may want to integrate Hippo with their existing single sign-on (SSO) solution. This page explains how Hippo's system architecture supports SSO integration. Specific integrations are described separately.

Enterprise SSO-Enabled Architecture

The deployment diagram below shows Hippo's SSO-enabled system architecture:

//onehippo-prod.global.ssl.fastly.net/binaries/ninecolumn/content/gallery/connect/architecture/uml/why-hippo/security.png

  • Typically the HTTPS connection for browser clients is configured and enabled in the reverse proxy layer (Apache Web Server).
  • Typically the reverse proxy redirects client requests to the enterprise SSO server for authentication. Once authenticated, the request is redirected back with a valid security token.
  • Applications running on the application server can access the enterprise SSO server to validate security tokens if needed.
  • Alternatively the authoring and delivery applications running on the application server can also authenticate users against the LDAP server if configured.
  • Alternatively the authoring and delivery applications running on the application server can also authenticate users through either form authentication, JAAS or Spring Security integration. Spring Security integration is capable of integrating with an enterprise SSO server seamlessly.

Specific Integrations

Single Sign-On (SSO)

Introduction

Goal

Understand how Hippo's architecture supports single sign-on integration in enterprise environments.

Background

Organizations who implement Hippo CMS in their enterprise environment may want to integrate Hippo with their existing single sign-on (SSO) solution. This page explains how Hippo's system architecture supports SSO integration. Specific integrations are described separately.

Enterprise SSO-Enabled Architecture

The deployment diagram below shows Hippo's SSO-enabled system architecture:

//onehippo-prod.global.ssl.fastly.net/binaries/ninecolumn/content/gallery/connect/architecture/uml/why-hippo/security.png

  • Typically the HTTPS connection for browser clients is configured and enabled in the reverse proxy layer (Apache Web Server).
  • Typically the reverse proxy redirects client requests to the enterprise SSO server for authentication. Once authenticated, the request is redirected back with a valid security token.
  • Applications running on the application server can access the enterprise SSO server to validate security tokens if needed.
  • Alternatively the authoring and delivery applications running on the application server can also authenticate users against the LDAP server if configured.
  • Alternatively the authoring and delivery applications running on the application server can also authenticate users through either form authentication, JAAS or Spring Security integration. Spring Security integration is capable of integrating with an enterprise SSO server seamlessly.

Specific Integrations