[jboss-dev-forums] [Design of Security on JBoss] - Re: JBoss Federated SSO : How browsers can send and store a
meme
do-not-reply at jboss.com
Mon Feb 16 14:54:39 EST 2009
Hi,
"michaelf" wrote : Hi!
| I am missing a couple of things in the design of JBoss Federated SSO.
| As I understand, the browser sends the SAML-based token to each application that participated in SSO.
|
| 1) When is the SAML-based token added to the browser? After the authentication of a user?
| 2) How is the token added to browsers? Which browsers today support storing the SAML-based token?
| 3) How is the token sent to an HTTP client? As an HTTP parameter? As an HTTP header? Something else?
|
The SAML token is handled between the two websites. The "token" as mentioned in the fed-sso-wiki is a cookie which is stored on a browser after a successful authentication.
Marc
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210490#4210490