[jboss-user] [Security & JAAS/JBoss] - Re: federated SSO framework and http cookies
kenyee
do-not-reply at jboss.com
Fri Nov 10 15:36:09 EST 2006
"sohil.shah at jboss.com" wrote : I have gotten community feedback that besides the username and password parameters, there needs to be provision for sending in more information as criteria to perform a successful login. This will be addressed so that the LoginProvider interface can be made more generic.
Thanks for the reply, Sohil.
As part of the LoginProvider framework, if we could have some generic interface that lets us tuck away name/value bits of info, I think it'd be useful (we can then save off info like Windows Domains, SecurID tokens, etc.). It'd also be useful if we could get/set HTTP cookies via that interface (e.g., "set cookie for your SSO domain").
The use case for the latter case would be: multiple web server types in the same domain. You log in to one web server, which injects a cookie into your web browser. You then hit another web server in your domain, and that web server can use that cookie for validation. It's a somewhat crude way to do an SSO-like or remember-me-like login.
If I understand correctly, the SAML token does this in a similar way, but I don't know if you can map from a SAML token to valid authentication information on each web server easily so that your web app on the second server is logged in properly (your LoginProvider seems to depend on a username/password). I guess it'd really help if there's an example that shows how SSO works in a "remember me" type of application...
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985038#3985038
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985038