Seamless Single Sign-On System for Legacy Multi-Platform Applications

Financial services

Government

Identifying Challenges in Secure Access and User Management for Legacy Multi-Platform Systems

The client operates a heterogeneous environment comprising legacy applications built on Java and .NET platforms. They face difficulties in managing user access, entitlements, and roles across these systems, which hampers security, operational efficiency, and scalability. Existing infrastructure lacks a centralized single sign-on mechanism, leading to inconsistent user experiences and increased administrative overhead. They require a solution that enables seamless, secure access while maintaining their existing application infrastructure.

About the Client

A large financial institution or government agency managing diverse legacy applications across multiple platforms seeking integrated security and user management.

Primary Goals for Implementing an Integrated Single Sign-On Solution

Develop a web-based single sign-on interface that integrates seamlessly with existing legacy applications.
Implement centralized management of user identities, roles, and permissions across multiple platforms.
Enhance security through sophisticated session management and secure communication protocols.
Minimize interserver traffic and operational costs by leveraging efficient web services and caching mechanisms.
Create a simple, scalable API to facilitate the integration of additional systems as needed.
Ensure high performance and security standards to support a large, diverse user base.

Core Functionalities and Capabilities for the SSO System

Robust web-based signon interface for user authentication and session management.
Centralized user management system for roles and entitlement control.
Integration with existing legacy applications via standardized protocols.
Use of web services (e.g., Hessian, REST) for efficient communication between components.
Local caching of permissions and session data on each sign-on server to reduce network traffic.
Simple API design to enable easy addition of new applications or systems.
Advanced session management features to support security and performance.

Preferred Technologies and Architectural Principles

AJAX for dynamic web interface

Java and .NET integration platforms

Spring Framework for backend development

Hibernate for ORM capabilities

Hessian web services protocol for efficient remote procedure calls

EhCache or similar caching solutions for local data storage

Essential External System Integrations

Legacy Java applications
Legacy .NET applications
User directory services (e.g., LDAP/Active Directory)
Security token services or identity providers if applicable

Key Non-Functional Requirements for System Success

High scalability to support extensive user base across multiple locations
Low latency with optimized interserver communication (minimized network traffic)
Robust security measures, including session security and data encryption
High availability and reliability to ensure continuous access
Ease of API extension for future system integrations

Expected Business Impact and Value Proposition

Implementation of this integrated single sign-on system is expected to achieve secure, seamless access for users across multiple legacy applications, reducing administrative overhead and enhancing security posture. Cost savings are anticipated through minimized interserver traffic and efficient cache utilization. The system will support scalable growth and facilitate future system integrations, maintaining the client’s leadership in compliance and risk management within the financial sector.