[jboss-user] [Security & JAAS/JBoss] - federated SSO framework and http cookies

sohil.shah@jboss.com do-not-reply at jboss.com
Mon Nov 6 15:47:26 EST 2006


-----Original Message-----
From: kenyee at keysolutions.com [mailto:kenyee at keysolutions.com]
Sent: Monday, November 06, 2006 1:46 PM
To: Sohil Shah
Subject: federated SSO framework and http cookies


Hi Sohil,

You guys really need to let people comment on the JBoss blog :-)
Quick question for you: can the federated SSO framework
retrieve and inject http cookies as part of user validation?
I looked at the wiki entries and the api for the LoginProvider
class doesn't seem to let you do this.

Two use cases I'm thinking of:
1) a "remember me" checkbox next to the username/password field
that lets users hit that site for a while after logging in once
2) another web server on the same domain that puts in a
session cookie of a logged in user (i.e., you log into that web
server, the cookie is generated for your domain, then you go
to the jboss federated server and autologin)

thanks,

 ken


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983552#3983552

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983552



More information about the jboss-user mailing list