Hi,
I am currently working on a new security implementation for my company - I am a committer
on JBossESB and thought what better people to ask my questions than fellow JBoss brethren
:-)
We are migrating to JBoss - but right now we are focused on security. There is a good
oppty for us to integrate JBoss security at this point. My reqt. is for Delegated
Authentication - we have currently have an application that performs Form based
authentication, sets an encrypted cookie (with user and pass), this cookie on subsequent
requests is decrypted by a webserver plug-in - which also sets the BASIC auth headers and
forwards the request to our apps, then there is a JAAS plugin to take care of the
application entitlements. Woo! Get all that.
Right now - we would like to keep all that but offer our own SAML Delegated Authentication
(browser based identity federation) scheme. We could just give our clients a different
url for the saml assertions.
I have looked through the docs and I do not see anything directly dealing with browser
identity federation through the use of SAML assertions. Also, wondering if it would be
possible to achieve this using non-JBoss appserver instances (keeping the BASIC auth) - I
am thinking all requests would need to come through a marshalling framework to handle
timeouts, etc... then populate the BASIC headers, forward the request - sound right?
Or am I way off base?
I would love to get this working as it would definitely be a high profile implementation.
Thanks for any help.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970988#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...