[jboss-user] [JBoss Portal] - Re: Using JBoss Portal and CAS to implement SSO for external

sohil.shah@jboss.com do-not-reply at jboss.com
Tue Feb 19 11:55:57 EST 2008


Andergast-

As Soon5 said in an earlier post, the fundamental problem has to do with propagation of the CAS token to the external application which is running inside the Portal page as an IFRAME.

Web SSO in general relies on passing authentication assertions via Cookies. Due to security reasons, a Browser is not allowed to send this cookie to external applications that are exposed via an IFRAME.

What you need to do is integrate this external web application into JBoss Portal using a Portlet Bridge. In this case, the CAS integration with JBoss Portal will properly propagate the authenticated Portal session to your Portlet.

On the standalone application side, if within the same active CAS session, you access the external web application outside the Portal context, whatever CAS integration you are using for the standalone web application will authenticate your CAS token and you will have Single Sign On into your standalone web application.

Without a Portlet Bridge, I am afraid your IFRAME cannot receive the CAS token. This is a Browser architecture limitation (for obvious reasons). It has nothing to do with the IFRAME running on a JBoss Portal page. You will get the same result with two simple web applications exposing each other via an IFRAME, integrated via CAS.

Sorry for the long reply, but I hope the explanation throws some light on your issue.

Thanks

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4130475#4130475

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4130475
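
To illustrate the cookie scoping discussed in the message above, here is an added example (not part of the original post, and not JBoss Portal or CAS code) of simplified RFC 6265 domain and path matching, showing which cookies a browser attaches to each request. The hostnames, paths and cookie jar are constructed; CASTGC and JSESSIONID are used as the usual CAS ticket-granting and servlet session cookie names.

```javascript
// Simplified RFC 6265 cookie selection: which stored cookies a browser
// attaches to a request, judged from the request URL alone.
// All hosts, paths and jar entries below are constructed for illustration.

function domainMatch(host, cookie) {
  host = host.toLowerCase();
  const domain = cookie.domain.toLowerCase();
  if (host === domain) return true;
  // Host-only cookies (no Domain attribute) require an exact host match.
  if (cookie.hostOnly) return false;
  return host.endsWith("." + domain);
}

function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // "/cas" matches "/cas/login" but not "/casino".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

function cookiesFor(url, jar) {
  const u = new URL(url);
  return jar
    .filter((c) => domainMatch(u.hostname, c))
    .filter((c) => pathMatch(u.pathname, c.path))
    .filter((c) => !c.secure || u.protocol === "https:")
    .map((c) => c.name);
}

// Cookie jar after logging in to the portal through CAS (constructed).
const jar = [
  { name: "CASTGC", domain: "cas.example.com", hostOnly: true, path: "/cas", secure: true },
  { name: "JSESSIONID", domain: "portal.example.com", hostOnly: true, path: "/portal", secure: false },
];

const requests = {
  portalPage: "https://portal.example.com/portal/default",
  iframeApp: "https://app.example.org/orders/list", // external app shown in the IFRAME
  casLogin: "https://cas.example.com/cas/login",
};

function report() {
  const out = {};
  for (const [label, url] of Object.entries(requests)) out[label] = cookiesFor(url, jar);
  return out;
}

console.log(report());
```

The request for the IFRAME's URL carries neither cookie, so the external application sees no portal session and no CAS ticket-granting cookie of its own.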


