[jboss-user] [Security & JAAS/JBoss] - Re: Problem with SAML in cookies

[ajls]

Doh! Missed the README - thanks for the prompt response.

Just as an aside, the SSO integration is quite closely coupled with J2EE HTTP, and we have requirement to have single-sign on between non-HTML/HTTP and HTML/HTTP JBoss-bound applications. i.e. non-HTTP WS where session management is being handled 
by WS-Addressing (Cookies are ruled out due to our WS architecture)  and an AMF (Adobe's Active/Action Media Format) interface where session management is buried in proprietary binary.

I am most likely going to have to build an adaptor to JBossSSO for AMF (we already have a cluster friendly non-SAML SSO between WS and AMF), but find that it will be quite hard to decouple the HTTP and SSO concerns in the current implemntation of JBossSSO.  (i.e. references to javax.servlet.* classes in token management and federation server integration).

Are there any plans on the roadmap for de-contextualising the SSO integration ? i.e. SSO2.0 - had a quick scan of JIRA but saw nothing similar - except for the Oracle SAML integration which we may also need).

JBossSSO is looking good for us now and like the SAML integration as it fits nicely into our SOA roadmap.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4036416#4036416

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4036416