Using SSO for Application Configuration

BizTalk Server 2010: Using SSO for Application Configuration
Daniel Toomey, Mexia Consulting, Senior Integration Specialist

description

There are many options for application configuration within BizTalk Server. This presentation shows how to use the OOTB features of Enterprise Single Sign-On to host secure, distributed configuration within customised application containers.

Transcript of Using SSO for Application Configuration

Page 1: Using SSO for Application Configuration

BizTalk Server 2010
Using SSO for Application Configuration

Daniel Toomey, Mexia Consulting
Senior Integration Specialist

Page 2: Using SSO for Application Configuration

What is Enterprise Single Sign-On?


Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc

Page 3: Using SSO for Application Configuration

What is Enterprise Single Sign-On?


Page 4: Using SSO for Application Configuration

What does this have to do with App Config?

• Distributed
• Secure


Page 5: Using SSO for Application Configuration

SSO Affiliate Applications

System A Credentials

<Username/Password>

System B Credentials

<Username/Password>

App A Configuration

<Key/Value>, <Key/Value>, …

App C Configuration

<Key/Value>, <Key/Value>, …


Page 6: Using SSO for Application Configuration

Application Configuration Options in BizTalk

XML Configuration File

– BTSNTSvc.exe.config
– BTSNTSvc64.exe.config

Page 7: Using SSO for Application Configuration

PROS
• Easy to implement
• Familiar <appSettings> methodology (Web.config / App.config)
• Easy to update configuration

CONS
• No OOTB security
• Not distributed
• No application isolation
• Host(s) restart req’d


Page 8: Using SSO for Application Configuration

Application Configuration Options in BizTalk

Custom Database Table(s)

– ADO.NET, Entity Framework
– WCF SQL Adapter

PROS
• Distributed (single repository)
• Security & access is independently configurable
• Familiar development methodology
• Easy to update configuration

CONS
• Not as easy to implement as XML file configuration
• Requires data access code
• Application segregation & access control must be manually configured
• Possible performance issue (unless caching is implemented)

Page 9: Using SSO for Application Configuration

Application Configuration Options in BizTalk

BizTalk Rules Engine (BRE)

– Included with BizTalk Server
– Condition is always “true” (e.g. 1 == 1)

Page 10: Using SSO for Application Configuration

PROS
• Distributed (single repository)
• Access is controlled by user account
• Accessible to BizTalk orchestrations and other components & services via .NET API
• No service / host restart required for updates
• Application segregation via policy
• Supports versioning!

CONS
• Unfamiliar developer environment to most programmers
• Requires Business Rules Composer to update


Page 11: Using SSO for Application Configuration

Application Configuration Options in BizTalk

SSO Configuration Store

– Included with BizTalk Server
– The subject of this talk!!

PROS
• Distributed (single repository)
• Highly secure (built-in encryption)
• Segregated application containers with independent access control
• Accessible to BizTalk orchestrations and other components & services via .NET API

CONS
• Some programming effort required
• Enterprise SSO Services must be restarted upon changes
• GUI updates require additional tools (but they are free)

Page 12: Using SSO for Application Configuration

Options at a Glance

                         XML   DB    BRE   SSO
Secure                   X     ?     X
Distributed              X
Granular Access Control  X     ?
Ease of Programming                  ?
Changes w/o Restart      X     ?           X
Versioning               X     ?           X

Page 13: Using SSO for Application Configuration

What’s Out of the Box?

1. ssomanage – command line utility
– Create Apps
– List Apps
– Delete Apps

ssomanage -createapps "MySchema.xml"

2. BTSScnSSOApplicationConfig
– Sets config values:

BTSScnSSOApplicationConfig.exe -set AppName "ConfigProperties" "paramname" "paramvalue"

– Available in the Developer installation files:
– <BTS2010 Installation Files Path>\Developer Edition\BT Server\MSI\Program Files\SDK\Scenarios\Common\SSOApplicationConfig
– Need to run “Setup.bat” to generate the EXE in the bin folder

Page 14: Using SSO for Application Configuration

Example XML Definition File
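
An application definition of the kind passed to `ssomanage -createapps`, given here as an added example; it is not the file shown on the slide. The application name, field labels and account names are constructed placeholders, and the element layout is the config-store definition format as assumed here.

```xml
<!-- Added example: constructed SSO config-store application definition. -->
<!-- Application name, field labels and group names are placeholders. -->
<sso>
  <application name="ExampleConfigApp">
    <description>Configuration container for ExampleConfigApp</description>
    <!-- Accounts allowed to read the stored values at runtime -->
    <appUserAccount>BizTalk Application Users</appUserAccount>
    <!-- Accounts allowed to administer the application and its values -->
    <appAdminAccount>BizTalk Server Administrators</appAdminAccount>
    <!-- Placeholder first field (assumed convention for config-store apps) -->
    <field ordinal="0" label="reserved" masked="no" />
    <!-- masked="yes" hides the value on entry in SSO tooling -->
    <field ordinal="1" label="connectionString" masked="yes" />
    <field ordinal="2" label="retryCount" masked="no" />
    <!-- configStoreApp marks a configuration store, not a credential mapping -->
    <flags configStoreApp="yes" allowLocalAccounts="yes" enableApp="yes" />
  </application>
</sso>
```

The two account elements are where each container gets its independent access control, so scoping `appUserAccount` to the group of the host that actually reads the values keeps other applications out of this container.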


Page 15: Using SSO for Application Configuration

SSO Application Configuration

• MMC Snap-In
– GUI allows you to do all of the above
– Separate download from Microsoft: http://www.microsoft.com/en-au/download/details.aspx?id=14524

• Caveat:
– Pay attention to “Company Name” when installing
– Must match domain in “contact” address

Page 16: Using SSO for Application Configuration

.NET Programming API

• Sample class from MSDN:


Page 17: Using SSO for Application Configuration

.NET Programming API

• Sample class from MSDN:


Page 18: Using SSO for Application Configuration

Demo: App Mgmt Using SSO

• In this demonstration, you will see how to…
– Create an application using ssomanage
– Add config values using command line utility
– Install the SSO Application Configuration MMC Snap-In
– Edit & add config values using MMC Snap-In
– Create & delete apps using MMC Snap-In

Page 19: Using SSO for Application Configuration

Demo

SSO App Management

Page 20: Using SSO for Application Configuration

Resources

• Understanding Enterprise Single Sign-On
http://msdn.microsoft.com/en-us/library/aa745042(v=bts.10).aspx

• Updated Ways to Store Data in BizTalk SSO Store
http://seroter.wordpress.com/2010/07/06/updated-ways-to-store-data-in-biztalk-sso-store/

• SSO as a Configuration Store
http://msdn.microsoft.com/en-us/library/ee251728(v=bts.10).aspx

• BizTalk SSO Configuration Data Storage Tool
http://seroter.wordpress.com/2007/09/21/biztalk-sso-configuration-data-storage-tool/

• Sample Application from MSDN
http://go.microsoft.com/fwlink/?linkid=99741

• BizTalk Server: Application Configuration Options
http://social.technet.microsoft.com/wiki/contents/articles/6494.biztalk-server-application-configuration-options.aspx

Page 21: Using SSO for Application Configuration

Brisbane BizTalk User Group

www.briztalk.org

https://www.facebook.com/BrisbaneBizTalkUserGroup

@briztalk