This blog describes the implementation of AITC’s IAM extension for thick-client application. Thick-clients are those applications, which are installed on end-user’s system and user login to the application by providing credentials. Most famous application of this sort is Microsoft’s Outlook.
AITC has developed configurable SSO utility in two formats as follows:
- Agent Based Thick-Client SSO
- Chrome Plugin based Thick-Client SSO
Agent Based Thick-Client SSO is installed on end-user’s system. End-user is required to login to validate OpenIAM credentials and configure Thick-Client which are available for enabling thick-client SSO.
- Valid identity credentials in OpenIAM
- Valid credentials for end-point application
- Application should be configured for SSO
How it works:
Basically, agent gets installed in end-user’s system and configured for valid SSO application. User has to provide app credentials for activating SSO.
On system startup, user is asked to login using OpenIAM credentials. On successful login, automatic SSO is enabled on system. As soon as user tries to open SSO enabled application, agent detect the application, fill the credentials as per configuration and submit.
Also, this agent comes with a utility which helps end-user to configure new thick-client which are not configured already. This agent is helpful in-case users are having multiple credentials for one identity for different application and need to access application on frequent basis.
- Application credentials are stored on OpenIAM repository.
- App credentials can be configured as login credentials of OpenIAM or any specific attributes like Outlook would need login name as email-address attribute of the user.
- This is system-tray based agent.
This utility manages application without any interface in OpenIAM and configuration & credentials are not required to configure again in-case change in laptop or system.
Chrome Plugin based Thick-Client SSO is plugin-based thick-client SSO. This type of SSO scheme is used in the environment where end-user is required to login in OpenIAM for accessing thick-client app.
Now days’ enterprises are using web-based & thick-client based applications. So managing SSO for both type of application becomes cumbersome. To address this issues, chrome plugin based Thick-client SSO gives better solution.
- Valid credentials for OpenIAM
- Resource should be assigned to end-user to access the application
- Credentials should be mapped to Identity’s attribute
How it works:
User login in the Selfservice of OpenIAM, navigate to “My Application”. If user has thick app is assigned, application icon becomes visible. On click, application is started on end-user application, user-credentials are filled and submitted for application access.
In this, there is no configuration is required on client application and only chrome extension performs all activities to enable SSO on thick client.
- This is installed on end-user’s system as chrome extension
- JEE application is deployed on server for SSO
- Few registry updates are required.
For any update on these utility, please write to us on firstname.lastname@example.org