[jboss-user] [Security & JAAS/JBoss] - Re: Jboss SSO Web Application

sohil.shah@jboss.com do-not-reply at jboss.com
Wed Nov 1 23:50:56 EST 2006


Basically, when a user is authenticated on WebApplication A, the only way WebApplication B can tell is through what we call a SAML token that is propagated in the form of an HTTP cookie.

Now, if you wish to do authentication in a non-JAAS way still using the LoginProvider, you will have to write the plumbing for creating/processing this SSO SAML token in your web application, without which SSO won't happen between apps.

If you use the JAAS module, this token management is automatically provided by the framework so your application does not even know that it's part of an SSO Federation. SSO happens automagically.

This is done using the SSO valves that you configure in your context.xml found in components/jboss_sso_tomcat5.


The valves obviously cannot be written to accommodate custom authentication use cases, hence they have to stick to the J2EE authentication standard which is JAAS.


I am sure you can look at the code in the valves and replicate it at the application level for your custom login mechanism. 

Thanks
Sohil


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982556#3982556
