United States - English

Australia - English

Belgium & Luxembourg - English

Latin America - Español

Netherlands - Dutch

New Zealand - English

Russia - Росси́я

Scandinavia - English

South East Asia - English

Spain - Español

United Kingdom - English

Vintela Single Sign-on for Java		Home > Products > Vintela Single Sign-on for Java > Features and Benefits		Print Page		Request a Quote		Email Page

Overview

Features and Benefits

Document Library

Webcasts and Events

Download

Vintela Single Sign-on for Java

Single Sign-on for J2EE Environments in Active Directory

Create single sign-on for web applications and services from Active Directory
Simplify identity and access management
Preserve the end-user experience and increase user productivity
Extend Windows Integrated Authentication to Java architectures
Improve security based on existing infrastructure
Achieve regulatory compliance

Naturally Integrate Active Directory with Java and J2EE environments

Through the Kerberos standard, Vintela Single Sign-on for Java integrates user login on the Windows desktop (into Active Directory) with the Vintela Single Sign-on for Java-enabled J2EE server leveraging a Kerberos ticket that provides single sign-on access to all authorized network services. Vintela Single Sign-on for Java saves organizations time and money by eliminating the need for specialized tools to perform Java authorization and authentication. It also brings Java/J2EE applications into Active Directory, leveraging the same powerful capabilities that make AD such an effective tool in the security and management of Windows systems.

With Kerberos implemented in Java for a wide range of supported J2EE platforms—including Apache Tomcat, BEA WebLogic, IBM WebSphere, and Oracle AS—Vintela Single Sign-on for Java integrates each with Active Directory while preserving its unique personality and advantages.

Create single sign-on for web applications and services from Active Directory

Through the Kerberos standard—the same standard used by Active Directory for Windows single sign-on—Vintela Single Sign-on for Java integrates user login on the Windows desktop (into Active Directory) with the Vintela Single Sign-on for Java-enabled J2EE server issuing a Kerberos ticket that provides single sign-on access to all authorized network services. The end result is true single sign-on for Windows and Java resources. One login extends to all approved and affected systems.

Simplify identity and access management

Synchronization and meta-directory solutions typically introduce additional complexity and another layer of infrastructure and management. With Vintela Single Sign-on for Java, the already-proven, trusted, and deployed Active Directory infrastructure can now also include Java and J2EE resources to create a powerful secure, scalable, and cost-effective solution for authorization and authentication.

Preserve the end-user experience and increase user productivity

Vintela Single Sign-on for Java allows users to access all necessary resources (Windows and Java alike) with a single username and password and with their initial Windows login. By simplifying the login process, users need only remember one password, which provides a positive experience and simplifies the login process.

Extend Windows Integrated Authentication to Java architectures

Vintela Single Sign-on for Java provides integrated authentication to .NET and n-tier applications. Through a powerful SDK, Vintela Single Sign-on for Java extends Kerberos delegation to any “Kerberized” application.

Improve security based on existing infrastructure

Because Vintela Single Sign-on for Java natively implements the same secure standards as Active Directory—namely Kerberos and LDAP—on Java/J2EE systems, the high level of security offered by AD for Windows can now be extended to Web services and rich applications.

Achieve regulatory compliance

A common denominator in virtually all applicable regulations is the need to control user access and ensure security of data. One of the biggest challenges facing organizations striving to comply is the need to secure that access across a wide range of systems and platforms. Active Directory provides the ideal platform for compliance on Windows resources. Through Vintela Single Sign-on for Java, that compliance can be seamlessly and natively extended to Java and J2EE systems with minimal additional investment and virtually no additional management, infrastructure, or personnel overhead.

Key Features and Benefits

Feature	Description
Rapid Deployment and Integration	Because Vintela Single Sign-on for Java requires no additional infrastructure or programming, it can be rapidly deployed—reducing the total cost of ownership.
Foundation for Identity Federation	Vintela Single Sign-on for Java’s flexibility and robust use of the AD infrastructure lays a solid foundation for future Federation activities.
Kerberos Authentication	Vintela Single Sign-on for Java is secure by default through its use of the Windows Integrated Authentication mechanism to provide strong Kerberos single sign-on authentication between users and applications, including EJB invocation with Kerberos credentials for WebLogic and JDBC with Kerberos credentials to SQL Server from J2EE applications.
Authorization Using Active Directory Groups	Vintela Single Sign-on for Java supports the authorization of users through controlled access gained by managing Active Directory group membership.
Interoperability with Microsoft Web Services and .NET clients	Because Vintela Single Sign-on for Java provides standard infrastructure support, it can be used to provide security interoperability with Microsoft .NET clients and services using Web services.
Kerberos Library Implementation	Vintela Single Sign-on for Java contains Vintela Single Sign-on for Java Kerberos, a pure Java implementation of the Kerberos protocol that allows developers to integrate Kerberos functionality for authentication and single sign-on with Microsoft Active Directory and MIT Kerberos servers into their applications. Vintela Single Sign-on for Java Kerberos has advanced logging capabilities, which will meet the needs of the widest possible range of customer deployments.
Bridges Java and Microsoft Security	Vintela Single Sign-on for Java provides the tight integration necessary to leverage the capabilities of Active Directory in a J2EE environment.
Active Directory Multiple Domain Support	Vintela Single Sign-on for Java clients can reside in Active Directory realms that are different from the realm that contains the Vintela Single Sign-on for Java-enabled application server. Vintela Single Sign-on for Java supports both cross-realm and cross-forest trusts with Windows 2003, allowing it to scale from the department to the enterprise.
Support for Active Directory Sites	Vintela Single Sign-on for Java uses Active Directory Sites to match its configuration to your Active Directory configuration and network topology.
Performance and Scalability	Vintela Single Sign-on for Java reuses information obtained during the desktop login to avoid expensive LDAP queries. Vintela Single Sign-on for Java also dynamically makes use of Active Directory Domain Controller replicas to provide load balancing and failover if the replicas are unavailable.
Delegation Flexibility	Vintela Single Sign-on for Java extends Kerberos delegation to Kerberized applications. Vintela Single Sign-on for Java includes a powerful SDK that allows it to extend AD beyond J2EE to also include FTP, Web services, etc.
Tight Integration with BEA WebLogic	Vintela Single Sign-on for Java supports BEA WebLogic's Security Service Provider Interfaces (SSPIs), providing tighter integration between WebLogic security and Windows security. Vintela Single Sign-on for Java also performs EJB invocation with Kerberos credentials for WebLogic.
End-to-end Credential Delegation	Vintela Single Sign-on for Java provides a true single sign-on environment by supporting the delegation of credentials to ensure end-to-end authentication.
Kerberos Tools	Vintela Single Sign-on for Java includes an enhanced set of Java Kerberos tools—including jkinit, jklist, and jktutil—that support RC4 in addition to DES.
Windows Install Wizard	Vintela Single Sign-on for Java includes an Install Wizard that provides an easy-to-use interface for installation and configuration.
Secure Connections	Vintela Single Sign-on for Java uses SASL (in conjunction with the Kerberos GSS-API mechanism) to negotiate secure connections between the application server and the Active Directory LDAP service.
Enhanced Support	Vintela Single Sign-on for Java supports authentication and authorization using NTLM tokens for legacy Windows clients such as Windows 98. It also supports the use of smart cards with Windows.
VAS-enabled	If VAS is installed, it can deliver simplified configuration of Active Directory for Vintela Single Sign-on for Java. Vintela Single Sign-on for Java can also take advantage of the advanced key tab management of VAS for increased security.

Supported Environments

J2EE Platforms	J2EE Server OS	Clients
Tomcat & JBoss BEA WebLogic IBM WebSphere Oracle AS (9i & 10g)	Microsoft Windows Server Family Unix Linux	Internet Explorer 5.5+ on Windows 98, 2000, 2003, ME, NT, & XP .NET applications Java client applications Other browsers (via fallback authentication mechanism)

Next Steps Next Steps
	View a product demo

	Review the datasheet

	Download white papers

	Read a tech brief

	Attend events

	Listen to a podcast

	Download

Highlights

	Frequently Asked Questions
	Active Directory Federated Services
	Supported Application Servers
	Document, Resource, and Guidance Library
	Java Kerberos Library
	Identity Integration Tour
	Integration and Identity Management Technologies Glossary
	Download Trial Software

OEM Opportunities

Interested in OEM Opportunities with Vintela Single Sign-on for Java?