[jboss-user] [JBoss Portal] - Re: Using JBoss Portal and CAS to implement SSO for external
sohil.shah@jboss.com
do-not-reply at jboss.com
Tue Feb 19 11:55:57 EST 2008
Andergast-
As Soon5 said in an earlier post, the fundamental problem has to do with propagation of the CAS token to the external application which is running inside the Portal page as an IFRAME.
Web SSO in general relies on passing authentication assertions via Cookies. Due to security reasons, a Browser is not allowed to send this cookie to external applications that are exposed via an IFRAME.
What you need to do is integrate this external web application into JBoss Portal using a Portlet Bridge. In this case, the CAS integration with JBoss Portal will properly propagate the authenticated Portal session to your Portlet.
On the standalone application side, if within the same active CAS session, you access the external web application outside the Portal context, whatever CAS integration you are using for the standalone web application will authenticate your CAS token and you will have Single Sign On into your standalone web application.
Without a Portlet Bridge, I am afraid your IFRAME cannot receive the CAS token. This is a Browser architecture limitation (for obvious reasons). It has nothing to do with IFRAME running on JBoss Portal page. You will get the same result with two simple web applications exposing each other via an IFRAME, integrated via CAS
Sorry for the long reply, but I hope the explanation throws some light on your issue
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4130475#4130475
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4130475
More information about the jboss-user
mailing list