[jboss-dev-forums] [Design of Security on JBoss] - Re: JBoss Federated SSO : How browsers can send and store a

Monday, 16 February 2009

Hi,

"michaelf" wrote : Hi!
  | I miss couple of things in the design of JBoss Federated SSO.
  | As I understand, browser sends the SAML based token to each application that
participated in SSO.
  | 
  | 1)	When the SAML based token is added to browser? After the authentication of a user?
  | 2)	How the token is added to browsers? Which browsers support today storing of the
SAML based token?
  | 3)	How the token is sends to an HTTP client? As an HTTP parameter? As an HTTP header?
Something else?
  | 

the SAML-Token is handled between the two websites. The "token" as mentioned in
the fed-sso-wiki is a cookie which is stored on a browser after a successful
authentication. 

Marc

View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210490#...

Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-dev-forums] [Design of Security on JBoss] - Re: JBoss Federated SSO : How browsers can send and store a