I'm going to ask this as if it were a user question. Anil told me to post it here :-)
Mainly I'm proposing a scenario.
The basic requirement
IE/Flash ----SOAP----JBoss----SOAP----AnotherJBoss---SOAP---NOTJBOSS
ActiveDirectory
The present solution (https://jira.jboss.org/jira/browse/JBAS-2681):
* Microsoft Certificate Server
* Fixed LDAPExtLoginModule to let me authorize only and use the principal from the cert
* SSL cert authentication
That gets us step 1.
Step 2 is how does JBoss call AnotherJBoss passing the credentials
The present solution involves NOT calling the same port (because I have to NOT do client cert
re-authentication) and passing WS-Security info, using another login module that says
"if JBoss said he's authenticated then he must be authenticated". Basically,
the ID and origination IP are the credential.
So how do I get a real single sign-on session from a client calling one server, and share that
session with another server and possibly another NOT JBoss server? What software, standards, and
configuration are involved? How would one put such a thing together?
Ideally the client would:
* only use SSL authentication anywhere once (because cross-authentication is a bear)
* be able to authorize (get his groups and/or roles) in a convenient manner
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4268925#...
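The post contrasts the current hop-to-hop scheme (trust the asserted ID if the call comes from a known address) with the signed, time-bounded assertion that a WS-Security or SAML based setup would carry instead. The following is an added illustration of that difference, written for this page; it is not code from the poster, from JBoss, or from any WS-Security implementation. The token format, the claim names, the shared key `SHARED_KEY`, the header name `X-Authenticated-User` and the service names used in the comments are all assumptions chosen for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a symmetric key provisioned out of band to every hop that mints
# or verifies propagated identity. Constructed for this example only.
SHARED_KEY = b"example-shared-key-do-not-use-in-production"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(subject, roles, issuer, audience, ttl_seconds=60, now=None, key=SHARED_KEY):
    """First hop: after SSL client-cert authentication, issue a short-lived,
    signed assertion carrying the cert principal and its resolved roles."""
    now = int(time.time()) if now is None else int(now)
    claims = {
        "sub": subject,          # principal taken from the client certificate
        "roles": sorted(roles),  # groups/roles looked up once, at the first hop
        "iss": issuer,
        "aud": audience,         # the next hop this token is good for
        "iat": now,
        "exp": now + ttl_seconds,
    }
    body = _b64url(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64url(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return body + "." + sig


def verify_token(token, expected_audience, now=None, key=SHARED_KEY):
    """Downstream hop: accept the caller's identity only if signature,
    audience and expiry all check out. Raises ValueError otherwise."""
    now = int(time.time()) if now is None else int(now)
    if token.count(".") != 1:
        raise ValueError("malformed token")
    body, sig = token.split(".", 1)
    expected = _b64url(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("aud") != expected_audience:
        raise ValueError("token not issued for this service")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


def accepted(token, audience, now=None, key=SHARED_KEY):
    """Convenience wrapper: True if verify_token would accept the token."""
    try:
        verify_token(token, audience, now=now, key=key)
        return True
    except ValueError:
        return False


def trust_id_and_ip(headers, remote_ip, trusted_ips):
    """The pattern the post describes: believe the asserted ID whenever the
    call arrives from a known address. Anything that can reach the port from
    a trusted address can claim any identity it likes."""
    if remote_ip not in trusted_ips:
        raise ValueError("untrusted source address")
    return headers["X-Authenticated-User"]  # header name is an assumption


def tamper_subject(token, new_subject):
    """Re-encode the claims with a different subject but keep the old
    signature, to show what the downstream verifier must reject."""
    body, sig = token.split(".", 1)
    claims = json.loads(_b64url_decode(body))
    claims["sub"] = new_subject
    forged = _b64url(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    return forged + "." + sig


if __name__ == "__main__":
    # Constructed scenario: JBoss authenticated CN=alice via her client cert
    # and now calls AnotherJBoss on her behalf.
    tok = mint_token("CN=alice", ["admin", "users"], "jboss", "anotherjboss", now=1000)
    print(verify_token(tok, "anotherjboss", now=1010))
    print(accepted(tamper_subject(tok, "CN=mallory"), "anotherjboss", now=1010))
    print(trust_id_and_ip({"X-Authenticated-User": "CN=mallory"}, "10.0.0.5", {"10.0.0.5"}))
```

The weak check happily returns whatever name the header carries as long as the source address is on the list, while the token verifier rejects a changed subject, a token replayed against a different service, and a stale token. Note that with a shared HMAC key every hop holding the key can mint an assertion for any subject; the SAML-style variant where the first hop signs with its own private key and downstream hops hold only the public key is what removes that trust, which is the direction a real cross-server SSO answer to this post would take.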