[jboss-user] [Security & JAAS/JBoss] - SSO Specific Usecase

nipunbatra do-not-reply at jboss.com
Thu Nov 30 18:44:30 EST 2006


Hi

I am using JBOSS SSO with JAAS based approach and everything works great for me. 

But we have one typical requirement.
I have two Applications Running on 2 different machines


On our application A user logs in with information clientID, username and password, (In JAAS scenario clientID+username makes the principal). 

Now we have functionality that on application A itself, same user can switch its clientID, 

e.g.  
User Logs into Application A with 

UserName:nick
ClientID: 1234
password: protected

After that user wants to switch ClientID but username still remains the same e.g. 
UserName:nick
ClientID: 5678
password: protected


For this scenario, the moment the user switches clientID we log out the user by invalidating the session and log in automatically again with the new clientID but the same username and password.

Now as we are using SSO I believe that we should call some function of SSO API, to tell the SSO framework that we have Automatically logged in the new user, please change token information accordingly, so that if I go to my partner Application B, I should see new user information.

Is there any way we can achieve it? 

If I am not wrong same thing happens when we go from one partner application site to another after login. 
SSOAutoLogin automatically logs in the user and takes care of SSO Tokens also.


The other thing I can think of is, after invalidating the session, we can call SSOManager.cleanToken() (but this method takes a String argument ssoToken which I am sure, what exactly it is) and after that log in the user, and the SSO Framework will automatically take care of the new Token.

Would appreciate if someone can help me clarify this.

Thanks
Nipun




View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3990292#3990292
