Home | english  | Impressum | Sitemap | KIT

JaaS Dispatcher

JaaS Dispatcher
Ansprechpartner:Sebastian Labitzke,

Jochen Dinger


Java Authentication and Authorization Service (JaaS) is a Java security framework for a modular authentication of users against one or more authentication interfaces, e.g. database interfaces, Kerberos access, web services. These interfaces are connected via so called JaaS login modules, which, in their turn, are configured in a login.config file and invoked via a JaaS Context. All configured JaaS login modules and thus all corresponding interfaces are triggered sequentially for each login process until an appropriate interface is found to authenticate the current user. For more information about JaaS see: http://java.sun.com/javase/technologies/security/


JaaS Dispatcher has been developed at Steinbuch Centre for Computing (SCC), the computing centre of Karlsruhe Institute of Technology (KIT) in the year 2010. The software is licensed under the Apache License, Version 2.0 (Copyright 2010 Steinbuch Centre for Computing (SCC), KIT).


JaaS Dispatcher is a JaaS login module, too. In contrast to other login modules it is not developed to encapsulate an authentication interface, but rather to match a dedicated JaaS login module with the corresponding interface for each authentication process at runtime. Therefore, JaaS Dispatcher applies regular expressions on a users’ identification to determine the responsible JaaS login module for an authentication. If a decision could be made a new JaaS Context will be build to delegate the authentication to an appropriate JaaS login module configured for the selected authentication interface. Accordingly, a JaaS login process with JaaS Dispatcher directly uses only one JaaS login module to authenticate a user, contrary to other JaaS login processes, where more than one login module can and often has to be triggered for a single login.


Principally, JaaS Dispatcher has been developed for the deployment in context with a Shibboleth identity provider. Shibboleth uses JaaS to authenticate users as a first step of the initiation of a single-sign on session. Nevertheless, JaaS Dispatcher is applicable to all JaaS configurations and it works independently from Shibboleth. This independence is especially helpful for the deployment with Shibboleth, because Shibboleth code can be left untouched to deploy JaaS Dispatcher.