LW-SSO Security Warnings

This section describes security warnings that are relevant to the LW-SSO configuration:

  • Confidential initString parameter in LW-SSO. LW-SSO uses symmetric encryption to create and validate an LW-SSO token. The initString parameter in the configuration is used to initialize the secret key. One application creates a token, and every application that uses the same initString parameter can validate that token.

    Caution

    • It is not possible to use LW-SSO without setting the initString parameter.

    • The initString parameter is confidential information and should be treated as such in terms of publishing, transporting, and persistency.

    • The initString parameter should be shared only between applications integrating with each other using LW-SSO.

    • The initString parameter should have a minimum length of 12 characters.

  • Enable LW-SSO only if required. LW-SSO should be disabled unless it is specifically required.

  • Level of authentication security. The application that uses the weakest authentication framework and issues an LW-SSO token trusted by the other integrated applications determines the level of authentication security for all of the applications.

    It is recommended that only applications using strong and secure authentication frameworks issue an LW-SSO token.

  • Symmetric encryption implications. LW-SSO uses symmetric cryptography for issuing and validating LW-SSO tokens. Therefore, any application using LW-SSO can issue a token that is trusted by all other applications sharing the same initString parameter. This risk is relevant whenever an application sharing an initString either resides on, or is accessible from, an untrustworthy location.

  • User mapping (synchronization). The LW-SSO framework does not ensure user mapping between the integrated applications. Therefore, the integrated applications themselves must take care of user mapping. We recommend that you share the same user registry (such as LDAP/AD) among all integrated applications.

    Failure to map users may cause security breaches and negative application behavior. For example, the same user name may be assigned to different real users in the various applications.

    In addition, in cases where a user logs onto an application (AppA) and then accesses a second application (AppB) that uses container or application authentication, the failure to map the user will force the user to manually log on to AppB and enter a user name. If the user enters a different user name than was used to log on to AppA, the following behavior can arise: If the user subsequently accesses a third application (AppC) from AppA or AppB, then they will access it using the user names that were used to log on to AppA or AppB respectively.

  • Identity Manager. When the Identity Manager is used for authentication, all of its unprotected resources must be configured with the nonsecureURLs setting in the LW-SSO configuration file.

  • LW-SSO Demo mode.

    • The Demo mode should be used for demonstration purposes only.

    • The Demo mode should be used in unsecured networks only.

    • The Demo mode must not be used in production, and the Demo mode must not be combined with the production mode in any way.
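To illustrate the initString cautions and the symmetric-encryption implications above, here is an added example (not LW-SSO's own code; the token format and the HMAC construction are hypothetical stand-ins, and the initString values are constructed): every application holding the shared initString can mint a token that all peers accept, a different initString rejects it, and the validator cannot tell which application actually issued it.

```python
import hashlib
import hmac
from typing import Optional, Tuple

MIN_INITSTRING_LEN = 12  # minimum length required by the caution above
SHARED_INITSTRING = "Constructed-InitString-Example-01"  # constructed sample, not a real value

def initstring_violations(init_string: str) -> list:
    """List the hard initString requirements from the warnings that the value breaks."""
    problems = []
    if not init_string:
        problems.append("initString is not set; LW-SSO cannot be used without it")
    elif len(init_string) < MIN_INITSTRING_LEN:
        problems.append(f"initString is shorter than {MIN_INITSTRING_LEN} characters")
    return problems

def _tag(init_string: str, payload: str) -> str:
    # Hypothetical keyed-MAC construction standing in for the real LW-SSO token crypto.
    return hmac.new(init_string.encode(), payload.encode(), hashlib.sha256).hexdigest()

def issue_token(init_string: str, user: str, issuer: str) -> str:
    """Mint a token. Any application holding init_string can do this, for any user name."""
    problems = initstring_violations(init_string)
    if problems:
        raise ValueError("; ".join(problems))
    payload = f"{user}|{issuer}"
    return f"{payload}|{_tag(init_string, payload)}"

def validate_token(init_string: str, token: str) -> Optional[Tuple[str, str]]:
    """Return (user, issuer) if the token was keyed with the same init_string, else None."""
    try:
        user, issuer, tag = token.split("|")
    except ValueError:
        return None
    if not hmac.compare_digest(tag, _tag(init_string, f"{user}|{issuer}")):
        return None
    # The issuer field is covered by the MAC, but every key holder can write any value
    # there, so the validator cannot distinguish a strong issuer from a weak one.
    return user, issuer

if __name__ == "__main__":
    token = issue_token(SHARED_INITSTRING, "alice", "AppA")
    print("AppB accepts AppA's token:", validate_token(SHARED_INITSTRING, token))
    print("Different initString rejects it:", validate_token("Different-InitString-Example-02", token))
    # A peer with a weaker authentication framework that holds the same initString can label
    # its tokens as AppA's; the other applications have no cryptographic way to notice.
    weak = issue_token(SHARED_INITSTRING, "admin", "AppA")
    print("Weak peer's token labelled AppA:", validate_token(SHARED_INITSTRING, weak))
```

This is why the warnings recommend that only applications with strong authentication frameworks issue tokens and that the initString never reach an untrustworthy location: the key, not the issuer name, is the whole trust decision.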