WAID 1.0 (English)
Introducing the technical details of the product behind the Identity Management (IdM) Self Service
(Input: Krasimir Zhelev, P&P CSA, Text: Hendrik Eggers, Translation: Bastian Melsheimer)
WAID, the Web Application for Identity Management, is the basis for the new IdM Self Service. In the following article, we will have a look at its technical foundation.
WAID is based on popular Java development frameworks:
- Spring Framework, including Spring Security and Spring LDAP
- Tapestry as web framework
We also use third-party extensions, e.g. t5c-commons for the slider effect and other effects on the main page.
Since these frameworks were not sufficient for our needs, further extensions were created in accordance with the P&P Software Architecture (PPSA); these are now embedded as components.
Tapestry Components
The components (ppsa-t5-commons, ppsa-t5-d7, ppsa-t5-jcaptcha) which were used to extend the Tapestry Framework have already been discussed in the article PPSA T5 Komponenten in the P&P Blog. I will refrain from giving redundant explanations here, and point our readers to Krasimir Zhelev’s Blog article.
Further new Tapestry Components
In addition to the Extensions that had already been created for Tapestry, the following components have been developed especially for WAID:
ppsa-t5-pwdsuggestion – 0.8.0
This component defines the interface for the Tapestry-based password suggestion service and provides the relevant interfaces, which are implemented in WAID. In addition, the following components are used:
- jpwgen and
- idmnovutil
Business Logic Components
The application’s controller layer is realized both in WAID and in the components described here.
pwd-man-api – 1.0.0
This is “only” an API, i.e. a definition of interfaces, and not an implementation. The abstraction is used to achieve independence from Novell products.
The interfaces used most for this are the PasswordManager for all functions concerning passwords as well as the ChallengeResponseManager for access to Novell’s functions regarding the Security Questions for Password Recovery.
jpwgen – 1.0.4
The password generator is the password suggestion service’s core piece, and is able to take into account a variety of rules.
Instead of going into too much detail here, I will point you to the official website of jpwgen, which has already been published as Open Source Software under LGPL v2.1.
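The two password suggestion components above (ppsa-t5-pwdsuggestion and jpwgen) are described only at the interface level. The following is an added example, written for this article and not code from either component, of what a rule-aware suggestion generator has to get right: a cryptographic random source, one guaranteed character from every required class, a shuffle so those characters do not sit at fixed positions, and a policy check that the caller can reuse for validating user-chosen passwords. The `Rules` class and the omission of ambiguous characters (l, I, O, 0, 1) are assumptions for this example.

```java
import java.security.SecureRandom;

/** Added example of a rule-aware password suggestion generator; not jpwgen's own code. */
public final class PasswordSuggestion {
    // Ambiguous characters (l, I, O, 0, 1) are left out so printed suggestions can be read back reliably.
    private static final String LOWER   = "abcdefghijkmnopqrstuvwxyz";
    private static final String UPPER   = "ABCDEFGHJKLMNPQRSTUVWXYZ";
    private static final String DIGITS  = "23456789";
    private static final String SYMBOLS = "!$%&/()=?+*#-_";

    // java.util.Random would be predictable from a few outputs; SecureRandom is required here.
    private static final SecureRandom RNG = new SecureRandom();

    /** Hypothetical rule set: minimum length plus the character classes that must appear. */
    public static final class Rules {
        final int length;
        final boolean needUpper, needDigit, needSymbol;
        public Rules(int length, boolean needUpper, boolean needDigit, boolean needSymbol) {
            this.length = length;
            this.needUpper = needUpper;
            this.needDigit = needDigit;
            this.needSymbol = needSymbol;
        }
    }

    private static char pick(String alphabet) {
        return alphabet.charAt(RNG.nextInt(alphabet.length()));
    }

    /** Generates a suggestion that satisfies the given rules. */
    public static String generate(Rules r) {
        int required = 1 + (r.needUpper ? 1 : 0) + (r.needDigit ? 1 : 0) + (r.needSymbol ? 1 : 0);
        if (r.length < required) {
            throw new IllegalArgumentException("length " + r.length + " cannot hold " + required + " required classes");
        }
        StringBuilder pool = new StringBuilder(LOWER);
        char[] out = new char[r.length];
        int i = 0;
        out[i++] = pick(LOWER);                                   // always at least one lower-case letter
        if (r.needUpper)  { pool.append(UPPER);   out[i++] = pick(UPPER); }
        if (r.needDigit)  { pool.append(DIGITS);  out[i++] = pick(DIGITS); }
        if (r.needSymbol) { pool.append(SYMBOLS); out[i++] = pick(SYMBOLS); }
        String all = pool.toString();
        for (; i < out.length; i++) out[i] = pick(all);           // fill the rest from the full pool
        // Fisher-Yates shuffle: otherwise the mandatory characters would always occupy the first positions.
        for (int j = out.length - 1; j > 0; j--) {
            int k = RNG.nextInt(j + 1);
            char t = out[j]; out[j] = out[k]; out[k] = t;
        }
        return new String(out);
    }

    /** Policy check, usable for both generated suggestions and user-chosen passwords. */
    public static boolean satisfies(String pwd, Rules r) {
        if (pwd.length() < r.length) return false;
        boolean upper = false, digit = false, symbol = false;
        for (char c : pwd.toCharArray()) {
            if (Character.isUpperCase(c)) upper = true;
            else if (Character.isDigit(c)) digit = true;
            else if (!Character.isLetterOrDigit(c)) symbol = true;
        }
        return (!r.needUpper || upper) && (!r.needDigit || digit) && (!r.needSymbol || symbol);
    }

    public static void main(String[] args) {
        Rules rules = new Rules(12, true, true, true);
        String suggestion = generate(rules);
        System.out.println(suggestion + " satisfies rules: " + satisfies(suggestion, rules));
    }
}
```

Because `generate` refuses rule sets that cannot be met, a misconfigured policy fails loudly at startup rather than silently producing suggestions that the policy check would then reject.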
idmsec – 1.0.0
This component addresses all tasks concerning encryption and hashing of passwords. For this, it implements a series of algorithms:
Hashes:
- MD5
- SMD5
- SHA
- SSHA
- UNIX CRYPT
- UNIX SMD5 CRYPT
- SMB
- Apache MD5
- HIS/SOS Apache MD5
- OpenBSD-style Blowfish
- LANMAN
- NTUNICODE
- APHELION
- …
Crypts:
- Blowfish
- …
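The hash list above contains the salted LDAP schemes SMD5 and SSHA. As an added example, not idmsec's own code, the following Java class shows how that family of hashes is laid out in a directory (`{SCHEME}` prefix, then base64 of digest-over-password-and-salt followed by the salt) and how a password is verified against a stored value without ever decoding anything but the salt. It generalises over both schemes via the digest length; the 8-byte salt size and the `SaltedLdapHash` name are assumptions for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

/** Added example of LDAP-style salted hashes ({SSHA}, {SMD5}); not idmsec's implementation. */
public final class SaltedLdapHash {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int SALT_LEN = 8;   // assumed salt size for this example

    // Maps the LDAP scheme label to the JCA digest name. Stored layout: {SCHEME}base64(digest(pwd || salt) || salt)
    private static String digestFor(String scheme) {
        switch (scheme) {
            case "SSHA": return "SHA-1";
            case "SMD5": return "MD5";
            default: throw new IllegalArgumentException("unsupported scheme " + scheme);
        }
    }

    /** Hashes with a caller-supplied salt (used both for new hashes and for verification). */
    public static String hash(String scheme, char[] password, byte[] salt) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(digestFor(scheme));
        md.update(new String(password).getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        byte[] digest = md.digest();
        byte[] blob = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, blob, digest.length, salt.length);   // salt is appended in the clear
        return "{" + scheme + "}" + Base64.getEncoder().encodeToString(blob);
    }

    /** Hashes with a fresh random salt, which is what a password change should use. */
    public static String hash(String scheme, char[] password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_LEN];
        RNG.nextBytes(salt);
        return hash(scheme, password, salt);
    }

    /** Verifies a candidate password against a stored {SSHA}/{SMD5} value. */
    public static boolean verify(char[] password, String stored) throws NoSuchAlgorithmException {
        int close = stored.indexOf('}');
        if (!stored.startsWith("{") || close < 0) return false;
        String scheme = stored.substring(1, close);
        byte[] blob;
        int digestLen;
        try {
            blob = Base64.getDecoder().decode(stored.substring(close + 1));
            digestLen = MessageDigest.getInstance(digestFor(scheme)).getDigestLength();
        } catch (IllegalArgumentException malformed) {
            return false;   // unknown scheme or invalid base64
        }
        if (blob.length <= digestLen) return false;   // no salt present: malformed entry
        byte[] salt = Arrays.copyOfRange(blob, digestLen, blob.length);
        byte[] recomputed = Base64.getDecoder().decode(hash(scheme, password, salt).substring(close + 1));
        return MessageDigest.isEqual(recomputed, blob);   // constant-time comparison
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        char[] pwd = "correct horse".toCharArray();   // constructed sample password
        String stored = hash("SSHA", pwd);
        System.out.println(stored);
        System.out.println("match: " + verify(pwd, stored));
        System.out.println("wrong password: " + verify("wrong".toCharArray(), stored));
    }
}
```

The salt only prevents identical passwords from producing identical hashes and defeats precomputed tables; the digest itself is a single fast SHA-1 or MD5 round, so the scheme choice is a compatibility decision with the directory, not a substitute for a slow password hash.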
The component also provides the LDAP Connection Manager, which is used to create and manage LDAP connections. It is able to manage a series of connections simultaneously, and supports both ldaps and StartTLS for secure connections.
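The connection manager is described as supporting both ldaps and StartTLS. The following added example, which is plain JNDI and not idmsec's connection manager, shows the one detail that differs between the two modes from a security point of view: with ldaps the bind credentials can be placed in the initial environment because TLS is in place from the first byte, whereas with StartTLS the context must be opened without credentials, upgraded with `StartTlsRequest`, and only then bound. Host name, ports, and the `SecureLdapConnection` and `Handle` names are assumptions for this example.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

/** Added example of opening a protected LDAP connection with JNDI; not idmsec's connection manager. */
public final class SecureLdapConnection {
    public enum Mode { LDAPS, START_TLS }

    /** Holds the context and, for StartTLS, the TLS layer so both are closed in the right order. */
    public static final class Handle implements AutoCloseable {
        private final LdapContext ctx;
        private final StartTlsResponse tls;   // null in ldaps mode
        Handle(LdapContext ctx, StartTlsResponse tls) { this.ctx = ctx; this.tls = tls; }
        public LdapContext context() { return ctx; }
        @Override public void close() throws NamingException, IOException {
            if (tls != null) tls.close();   // tear down TLS before the underlying context
            ctx.close();
        }
    }

    public static Handle open(Mode mode, String host, String bindDn, char[] password)
            throws NamingException, IOException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

        if (mode == Mode.LDAPS) {
            // TLS is established before any LDAP message, so the simple bind may be part of the initial environment.
            env.put(Context.PROVIDER_URL, "ldaps://" + host + ":636");
            env.put(Context.SECURITY_PROTOCOL, "ssl");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, bindDn);
            env.put(Context.SECURITY_CREDENTIALS, new String(password));
            return new Handle(new InitialLdapContext(env, null), null);
        }

        // StartTLS: connect anonymously over plain LDAP, upgrade the socket, and bind only afterwards.
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":389");
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        tls.negotiate();   // TLS handshake; the server certificate is checked against the default trust store
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, new String(password));
        ctx.reconnect(null);   // performs the bind now, over the TLS layer
        return new Handle(ctx, tls);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values; replace with a real directory host and a service account DN.
        String host = args.length > 0 ? args[0] : "ldap.example.invalid";
        try (Handle h = open(Mode.START_TLS, host, "cn=svc-waid,ou=services,dc=example,dc=invalid",
                             "change-me".toCharArray())) {
            System.out.println("bound as " + h.context().getEnvironment().get(Context.SECURITY_PRINCIPAL));
        }
    }
}
```

If `negotiate()` throws, no credentials have left the client, which is exactly the property a connection manager must preserve: a StartTLS failure must never be handled by falling back to an unprotected bind.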
idmnovutil – 1.0.0
To achieve independence from Novell products, pwd-man-api has already been mentioned above. Idmnovutil is the implementation of this interface. It is based on several tools (Novell NMAS, OpenLDAP Java LDAP and Novell LDAP Classes for Java) and implements the part specific to the Novell Identity Manager.
Ideally, when using WAID with a different provider’s MetaDirectory, this would be the only component that needs to be changed. This experiment still awaits testing, though. 😉
idmone-core – 0.5.0
Within the three-column architecture, this component is the core function, as suggested by the name.
This means that the domain model also contains the definitions for persons (entities), affiliations and entitlements.
The Data Access Object (DAO) layer manages object processing, i.e. searching, creating, reading, changing and finally deleting (CRUD) objects.
It also implements several relevant functions, e.g. activating persons.
WAID – 1.0.0
Finally, integration of the components mentioned above is managed by WAID, which also displays the final web interface.
The logic is mostly implemented as Tapestry services, with the following internal main functions:
- ChallengeResponse (C&R): checks and sets C&Rs for different users.
- LayoutBuilder: creates a dynamic menu and helps with the session management. The implemented interface is defined in ppsa-t5-d7.
- LoggedOnPerson: checks the users’ authentication.
- ProofOfAuthority: checks authorisation.
- PwdSuggestion: implementation of the interface defined in ppsa-t5-pwdsuggestion.
- UserASCreator: loads data for successfully authenticated users via the DAO layer.
The user interface also uses the ppsa-t5-* Tapestry components mentioned above.
The user can access the following functions:
- User information (also known as data security information)
- View service(s)
- Password change
- Challenge & Response (Security Questions, C&R)
- PDF printing
  - User information letter
  - Service information letter
- Administrator functions
  - Search for users
  - Set (initial) password
  - Print user information letter
Outlook
All the components mentioned here (at least those that are still unpublished) will be published successively. This depends on the development stage of the product and its documentation, and on whether third parties will be able to make use of it.
If you are interested before that time, please write an email to idmone@rrze.uni-erlangen.de.
You can of course use the same email address if you would like support for your own IdM project.