[jboss-user] [Security & JAAS/JBoss] - Re: Jboss SSO Web Application

sohil.shah@jboss.com do-not-reply at jboss.com
Wed Nov 1 21:47:27 EST 2006


anonymous wrote : 
  | If I write JAAS based Authentication in my application where exactly I can link it with JBoss SSO. Also as per my understanding the Identity manager shd be on one central server and rest of the application on remote server should contact identity manager to validate any user. 
  | 

You don't need to write a JAAS module. As long as you provide the implementation of LoginProvider which you are, you can use the org.jboss.security.idm.UsernameAndPasswordLoginModule which ships with the Identity Manager component of the framework. Only thing you will need to do is get your JAAS configuration right. For info on the configuration look at:
http://labs.jboss.com/portal/index.html?ctrl:cmd=render&ctrl:window=default.wiki.WikiPortletWindow&page=IdentityManagement&language=EN

anonymous wrote : 
  | Also as per my understanding the Identity manager shd be on one central server and rest of the application on remote server should contact identity manager to validate any user. 
  | 

Actually the IdentityManager framework of the system is an abstraction for an IdentityManagement system like an LDAP store, SiteMinder, or in your case a JDBC database.

The IdentityManager runs locally on each partner node of the application, but the implementation of your LoginProvider can connect to a remote data store/server where the Identity Credentials are stored.

anonymous wrote : 
  | the login methid in this case will be invokes at local server or central server
  | 

Technically the LoginProvider methods execute locally on each partner node, but their implementation is free to extract the actual data from a central data store...as per my explanation above.


The whole idea behind an IdentityManager abstraction is so that it can hook in to other components of the SSO system like the Federation Server, Trust Server, JAAS modules etc without having to program to any proprietary API of an Identity system.






View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982542#3982542

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3982542



More information about the jboss-user mailing list