[jboss-user] [JBoss Portal] - Re: Using JBoss Portal and CAS to implement SSO for external
do-not-reply at jboss.com
Tue Feb 19 08:56:25 EST 2008
Then how do you integrate an external application if not using some kind of iframe portlet? The integration works fine, as long as no authentication is required.
CAS creates a cookie (TGC, Ticket Granting Cookie) which allows you to get a service ticket. The mentioned cookie is (as it seems to me) valid for the HTTP session of the portal, but as soon as the iframe portlet tries to load the external application, another HTTP session starts, requiring authentication as well and thus presenting the CAS login screen. This is visible viewing the session ids in the browser.
CAS is working correctly as it detects an unauthorized session and I've not been able to pass the original cookie from the portal session to the portlet.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4130403#4130403
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4130403
More information about the jboss-user