security - How secure is SSO based on token-based authentication?
I plan to integrate Jasper server as single sign-on with my web application. I went through the documentation, and Jasper suggests token-based authentication as the solution (since authentication is already done by my web application).

What Jasper has suggested:

You will authenticate a Jasperserver request from the application server with a token (defined below in tokenFormatMapping) in a specific format.

A valid token could be:

    u=user|r=role1|o=org1|pa1=PA11|pa2=PA21|exp=2001404150601

Invalid tokens could be:

    u1=user|r=role1|o=org1|pa1=PA11|pa2=PA21|exp=2001404150601
    r=role1|u=user|o=org1|pa1=PA11|pa2=PA21|exp=2001404150601

My question is whether this is actually a safe process, because as soon as a hacker knows the pattern, can he simply log in to the Jasper server? I think there could be a security compromise here. Am I missing something?
    <bean class="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.preauth.JSPreAuthenticatedAuthenticationProvider">
        ....................
        <property name="tokenPairSeparator" value="|"/>
        <property name="tokenFormatMapping">
            <map>
                <entry key="username" value="u"/>
                <entry key="roles" value="r"/>
                <entry key="orgId" value="o"/>
                <entry key="expireTime" value="exp"/>
                <entry key="profile.attribs">
                    <map>
                        <entry key="profileAttrib1" value="pa1"/>
                        <entry key="profileAttrib2" value="pa2"/>
                    </map>
                </entry>
            </map>
        </property>
        <property name="tokenExpireTimestampFormat" value="yyyyMMddHHmmssZ"/>
    </bean>
    </property>
    </bean>

According to the documentation, the user is not signed in directly by token-based authentication.
In addition, it specifies the following:

The JasperReports Server will accept any properly formatted token; therefore, you need to protect the integrity of the token using measures such as:

- Connecting to JasperReports Server using SSL to protect against token interception.
- Encrypting the token to protect against tampering.
- Configuring the token to use a timestamp to protect against replay attacks.

Without a timestamp, when you include a token in a web page or REST web service URL, the URL can be copied and used by unauthorized people or systems. Setting an expiration time on the token prevents the token/URL from being used to authenticate past the specified time. You can set the expiration time based on usage. For a request from the user/application to JasperReports Server, an expiration period of one minute or less from the request time is appropriate.

All communication should go through an SSL tunnel; otherwise anyone could establish a connection to your JR server, send a token and get information out of it.
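The following is an added example, not code from the question, the answer, or JasperReports Server itself. It puts the asker's concern and the answer's advice side by side: a format-only validator built from the question's tokenFormatMapping (same keys, same order, "|" as tokenPairSeparator, yyyyMMddHHmmssZ for the expiry) accepts a forged but well-formed token, while a one-minute expiry plus an integrity tag rejects tampered, re-keyed and replayed tokens. The HMAC-SHA256 layer, the "." separator before the tag, the sample key, the sample timestamp and the field values are assumptions made for the example; the documentation's recommendation is to encrypt the token, and HMAC is used here only because it shows the tamper check with the standard library alone. Transport protection (SSL) is not modelled.

```python
import hmac
import hashlib
from datetime import datetime, timedelta, timezone

# Token layout taken from the question's tokenFormatMapping: keys must appear
# in exactly this order, joined by tokenPairSeparator ("|").
TOKEN_ORDER = ["u", "r", "o", "pa1", "pa2", "exp"]
PAIR_SEP = "|"
# Python spelling of the Java pattern yyyyMMddHHmmssZ (e.g. 20140415060100+0000).
TS_FMT = "%Y%m%d%H%M%S%z"

# Constructed sample data for the demo (assumptions, not from the page).
SAMPLE_KEY = b"constructed-demo-key-change-me"
SAMPLE_NOW = datetime(2014, 4, 15, 6, 0, 0, tzinfo=timezone.utc)
SAMPLE_FIELDS = {"u": "user", "r": "role1", "o": "org1", "pa1": "PA11", "pa2": "PA21"}


def build_token(fields, ttl_seconds=60, now=None):
    """Build a pre-auth token whose exp field is ttl_seconds from now (UTC)."""
    now = now or datetime.now(timezone.utc)
    exp = (now + timedelta(seconds=ttl_seconds)).strftime(TS_FMT)
    values = dict(fields, exp=exp)
    return PAIR_SEP.join(f"{k}={values[k]}" for k in TOKEN_ORDER)


def parse_token(token):
    """Return the token's fields; raise ValueError if keys or order are wrong."""
    pairs = [p.split("=", 1) for p in token.split(PAIR_SEP)]
    if any(len(p) != 2 for p in pairs):
        raise ValueError("pair without '='")
    if [k for k, _ in pairs] != TOKEN_ORDER:
        raise ValueError("unexpected keys or key order")
    return dict(pairs)


def is_well_formed(token):
    """Format-only check: all a 'properly formatted token' has to satisfy."""
    try:
        parse_token(token)
        return True
    except ValueError:
        return False


def is_fresh(fields, now=None):
    """True while the token's exp timestamp lies in the future."""
    now = now or datetime.now(timezone.utc)
    return now < datetime.strptime(fields["exp"], TS_FMT)


def seal(token, key=SAMPLE_KEY):
    """Append an HMAC-SHA256 tag (assumed scheme) so tampering is detectable."""
    tag = hmac.new(key, token.encode(), hashlib.sha256).hexdigest()
    return f"{token}.{tag}"


def verify(sealed, key=SAMPLE_KEY, now=None):
    """Integrity first, then format, then freshness; returns a reason string."""
    token, sep, tag = sealed.rpartition(".")
    if not sep:
        return "no mac"
    expected = hmac.new(key, token.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return "bad mac"
    try:
        fields = parse_token(token)
    except ValueError:
        return "malformed"
    if not is_fresh(fields, now):
        return "expired"
    return "ok"


def demo(now=SAMPLE_NOW):
    """Run the question's scenarios against the format-only and full checks."""
    tok = build_token(SAMPLE_FIELDS, 60, now)
    forged = tok.replace("u=user", "u=admin")  # well-formed, attacker-chosen user
    sealed = seal(tok)
    return {
        "token": tok,
        "format_accepts_forged": is_well_formed(forged),
        "format_rejects_bad_key": not is_well_formed(tok.replace("u=", "u1=")),
        "format_rejects_reordered": not is_well_formed(
            "r=role1|u=user|o=org1|pa1=PA11|pa2=PA21|exp=20140415060100+0000"),
        "sealed_ok": verify(sealed, now=now),
        "sealed_tampered": verify(sealed.replace("u=user", "u=admin"), now=now),
        "sealed_replayed_late": verify(sealed, now=now + timedelta(seconds=61)),
        "sealed_wrong_key": verify(seal(tok, b"attacker-key"), now=now),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The "format_accepts_forged" entry is the asker's point: a receiver that checks only the pattern cannot tell a forged token from a genuine one. The "sealed_*" entries show what the answer's measures add: a tag bound to a secret the attacker does not hold stops forgery and tampering, and the short expiry stops a copied token from being replayed later.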