Using SSO for Application Configuration
There are many options for application configuration within BizTalk Server. This presentation shows how to use the out-of-the-box (OOTB) features of Enterprise Single Sign-On to host secure, distributed configuration within customised application containers.
BizTalk Server 2010
Using SSO for Application Configuration
Daniel Toomey, Mexia Consulting
Senior Integration Specialist
What is Enterprise Single Sign-On?
Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc
What does this have to do with App Config?
• Distributed
• Secure
SSO Affiliate Applications
• System A Credentials: <Username/Password>
• System B Credentials: <Username/Password>
• App A Configuration: <Key/Value>, <Key/Value>, …
• App C Configuration: <Key/Value>, <Key/Value>, …
Application Configuration Options in BizTalk
XML Configuration File
– BTSNTSvc.exe.config
– BTSNTSvc64.exe.config
PROS
• Easy to implement
• Familiar <appSettings> methodology (Web.config / App.config)
• Easy to update configuration
CONS
• No OOTB security
• Not distributed
• No application isolation
• Host(s) restart required
Application Configuration Options in BizTalk
Custom Database Table(s)
– ADO.NET, Entity Framework
– WCF SQL Adapter
PROS
• Distributed (single repository)
• Security & access are independently configurable
• Familiar development methodology
• Easy to update configuration
CONS
• Not as easy to implement as XML file configuration
• Requires data access code
• Application segregation & access control must be manually configured
• Possible performance issue (unless caching is implemented)
Application Configuration Options in BizTalk
BizTalk Rules Engine (BRE)
– Included with BizTalk Server
– Condition is always “true” (e.g. 1 == 1)
PROS
• Distributed (single repository)
• Access is controlled by user account
• Accessible to BizTalk orchestrations and other components & services via .NET API
• No service / host restart required for updates
• Application segregation via policy
• Supports versioning!
CONS
• Unfamiliar developer environment to most programmers
• Requires Business Rules Composer to update
Application Configuration Options in BizTalk
SSO Configuration Store
– Included with BizTalk Server
– The subject of this talk!!
PROS
• Distributed (single repository)
• Highly secure (built-in encryption)
• Segregated application containers with independent access control
• Accessible to BizTalk orchestrations and other components & services via .NET API
CONS
• Some programming effort required
• Enterprise SSO Services must be restarted upon changes
• GUI updates require additional tools (but they are free)
Options at a Glance

| | XML | DB | BRE | SSO |
|---|---|---|---|---|
| Secure | X | ? | X | |
| Distributed | X | | | |
| Granular Access Control | X | ? | | |
| Ease of Programming | | | ? | |
| Changes w/o Restart | X | ? | | X |
| Versioning | X | ? | | X |
What’s Out of the Box?
1. ssomanage – command line utility
– Create Apps
– List Apps
– Delete Apps
ssomanage -createapps "MySchema.xml"
2. BTSScnSSOApplicationConfig
– Sets config values:
BTSScnSSOApplicationConfig.exe -set AppName "ConfigProperties" "paramname" "paramvalue"
– Available in the Developer installation files:
<BTS2010 Installation Files Path>\Developer Edition\BT Server\MSI\Program Files\SDK\Scenarios\Common\SSOApplicationConfig
– Need to run “Setup.bat” to generate the EXE in the bin folder
Example XML Definition File
SSO Application Configuration
• MMC Snap-In
– GUI allows you to do all of the above
– Separate download from Microsoft: http://www.microsoft.com/en-au/download/details.aspx?id=14524
• Caveat:
– Pay attention to “Company Name” when installing
– Must match domain in “contact” address
.NET Programming API
• Sample class from MSDN:
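As an added example (not the MSDN sample class referenced on the slide, and not the presenter's code), a minimal reader built on the SSO client's `ISSOConfigStore` interface. It assumes a reference to Microsoft.BizTalk.Interop.SSOClient.dll and that values were stored under the "ConfigProperties" identifier used by BTSScnSSOApplicationConfig above; the class names `ConfigBag` and `SsoConfigReader` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.BizTalk.SSOClient.Interop; // Microsoft.BizTalk.Interop.SSOClient.dll

// In-memory property bag that the SSO client fills with the application's fields.
internal sealed class ConfigBag : IPropertyBag
{
    private readonly Dictionary<string, object> _values =
        new Dictionary<string, object>(StringComparer.Ordinal);

    public void Read(string propName, out object ptrVar, int errorLog)
    {
        _values.TryGetValue(propName, out ptrVar); // null when the field is absent
    }

    public void Write(string propName, ref object ptrVar)
    {
        _values[propName] = ptrVar;
    }
}

public static class SsoConfigReader
{
    // Assumption: same identifier the command-line utility writes under.
    private const string Identifier = "ConfigProperties";

    public static string Read(string appName, string propName)
    {
        var bag = new ConfigBag();
        var store = (ISSOConfigStore)new SSOConfigStore();

        // Runtime lookup. Enterprise SSO authorises the calling Windows
        // identity against the accounts configured for this application,
        // so an unauthorised caller gets an exception, not a value.
        store.GetConfigInfo(appName, Identifier, SSOFlag.SSO_FLAG_RUNTIME, bag);

        object value;
        bag.Read(propName, out value, 0);
        if (value == null)
        {
            // Report only the names; never write the secret value to logs.
            throw new KeyNotFoundException(string.Format(
                "Property '{0}' is not defined for SSO application '{1}'.",
                propName, appName));
        }
        return (string)value;
    }
}
```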
Demo: App Mgmt Using SSO
• In this demonstration, you will see how to…
– Create an application using ssomanage
– Add config values using command line utility
– Install the SSO Application Configuration MMC Snap-In
– Edit & add config values using MMC Snap-In
– Create & delete apps using MMC Snap-In
Demo
SSO App Management
Resources
• Understanding Enterprise Single Sign-On
http://msdn.microsoft.com/en-us/library/aa745042(v=bts.10).aspx
• Updated Ways to Store Data in BizTalk SSO Store
http://seroter.wordpress.com/2010/07/06/updated-ways-to-store-data-in-biztalk-sso-store/
• SSO as a Configuration Store
http://msdn.microsoft.com/en-us/library/ee251728(v=bts.10).aspx
• BizTalk SSO Configuration Data Storage Tool
http://seroter.wordpress.com/2007/09/21/biztalk-sso-configuration-data-storage-tool/
• Sample Application from MSDN
http://go.microsoft.com/fwlink/?linkid=99741
• BizTalk Server: Application Configuration Options
http://social.technet.microsoft.com/wiki/contents/articles/6494.biztalk-server-application-configuration-options.aspx
Brisbane BizTalk User Group
www.briztalk.org
https://www.facebook.com/BrisbaneBizTalkUserGroup
@briztalk