[ http://jira.jboss.com/jira/browse/JBSEAM-1032?page=comments#action_12362066 ]
Arthur Troyer commented on JBSEAM-1032:
---------------------------------------
As I see it, if the user has already been authenticated via an SSOSession, you do not
need to call the loginContext.login() method. This addresses the problem of crossing
systems/domains that may have different passwords. The assumption is that if the user has
been authenticated by one of the trusted applications, he does not need to be
authenticated again. You would just have to create the subject and populate it with the
principal.
This leaves the issue of Authorization. If the JAAS login is supplying the roles, and you
are not doing the login, these roles would not be present. One possible solution to this
is to provide access to the principal and subject, in a protected (instead of private)
way. Instead of calling the loginContext.login() routine, you would call a routine named
"SSOProvideRoles". This routine would read the LDAP to get the roles. As an
added feature, since you have made the principal and subject variables protected, a
developer could extend the method and override this "SSOProvideRoles" method and
populate the subject with the roles in whatever manner he desires.
Integration with JBoss SSO
--------------------------
Key: JBSEAM-1032
URL: http://jira.jboss.com/jira/browse/JBSEAM-1032
Project: JBoss Seam
Issue Type: Feature Request
Components: Security
Affects Versions: 1.2.0.GA
Reporter: Shane Bryzak
Assigned To: Shane Bryzak
We should provide integration of Seam Security with JBoss SSO.
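A sketch of the approach proposed in the comment above, added here as an example; it is not code from Seam, JBoss SSO or the commenter. The class, record and method names are hypothetical, `VerifiedSsoSession` is assumed to exist only after the SSO provider has validated the session, and the role lookup returns a constructed value in place of the LDAP read.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

// Hypothetical names throughout; this is not Seam's Identity API.
public class SsoIdentitySketch {

    /** Minimal named principal; role names are modelled the same way (assumption). */
    record NamedPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    /** Assumed to be created only after the SSO provider validated the session. */
    record VerifiedSsoSession(String username) {}

    // Protected rather than private, so a subclass can populate roles itself.
    protected Subject subject = new Subject();
    protected Principal principal;

    /** Takes the place of loginContext.login() when a trusted SSO session exists. */
    public void loginFromSso(VerifiedSsoSession session) {
        if (session == null || session.username() == null || session.username().isBlank()) {
            throw new SecurityException("no verified SSO session; use the normal JAAS login");
        }
        subject = new Subject();                 // never reuse roles from an earlier user
        principal = new NamedPrincipal(session.username());
        subject.getPrincipals().add(principal);
        ssoProvideRoles();                       // roles JAAS would otherwise have supplied
        subject.setReadOnly();                   // no role changes after login completes
    }

    /** Extension point from the comment; the default stands in for the LDAP read. */
    protected void ssoProvideRoles() {
        for (String role : Set.of("user")) {     // constructed sample value
            subject.getPrincipals().add(new NamedPrincipal("role:" + role));
        }
    }

    public static void main(String[] args) {
        // A developer overrides the hook to supply roles from another source.
        SsoIdentitySketch identity = new SsoIdentitySketch() {
            @Override protected void ssoProvideRoles() {
                subject.getPrincipals().add(new NamedPrincipal("role:auditor"));
            }
        };
        identity.loginFromSso(new VerifiedSsoSession("alice")); // constructed user
        System.out.println(identity.subject.getPrincipals());
    }
}
```

Because no password check happens on this path, the subject is only as trustworthy as the validation behind `VerifiedSsoSession`, and roles are loaded fresh for each login rather than carried over.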