[jboss-user] [Security & JAAS/JBoss] - Re: Identity/Access Management/SSO UseCases

barramundi do-not-reply at jboss.com
Mon Mar 17 23:38:05 EDT 2008


I would like to see more flexibility for  JBossSX  to interact with client for obtaining various type of credentials.
When doing SSO, it's almost impossible to avoid doing HTTP redirects, set and  delete cookies and other HTTP operations.

It is therefore very beneficial to add a HTTP Callback to enable a JAAS Login Module to do all these stuff.
At the moment, there's only username password call back.
So developers have to workaround it using valves to interact with the user.

SAP WebAS' JAAS API is an example that has this HTTP Callback. Developing custom sso authentication module for SAP WebAS is a breeze because of this.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137257#4137257

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4137257



More information about the jboss-user mailing list