[jboss-user] [Security & JAAS/JBoss] - JBoss Federated SSO: Does it support?

[ArjunDhar]

Hi,
 I'm in the process of evaluating certain OpenSource Solutions. I've looked at CAS, JOSSO and OpenSSO. Also our owd solution but then the security audit on that would be more stringent and hence consume more time, apart from development.

For better or for worse my client has bought support from JBoss. So we would rather go for a JBoss solution.

Now, I read about JBossSX and then the JBoss SSO. 

Q1) Is JBoss SX a pre requisite for JBoss SSO?? 
Q2) If so, how and why? (For HOW a link would suffice that talks of integration). (I hope not!)

Q3) More Importantly, I'm lookin at the following features in JBoss SSO:
 3.1. Ability to attach a Web filter (Servlet 2.3 Sepc) in the 3rd part App which can be on any App/Web Server. The filter will communicat with the SSO server. This reduces integration cost.
 3.2. Do I have to recompile it for JDK1.4
 3.3. Is there a dependency on a specific JBoss App Server version or can we run it on a JBoss 3.2.7 also?
 3.4. Can I run it on Tomcat?
 3.5. Configure, SSO sessions time outs
 3.6. Attach a Bean(s) to a SSO session; so we can expose a serivce to request for information about that session without hitting the database
 3.7. Configure things like Person can login once with credentials only, or can have multiple login-ins.
 3.8. SSO Sessions should extend or be normal Web Server sessiosn or if not then provide support for clustering, for session replication.
 3.9. Whats the underlysing principle behind the SSO? Like CAS is based ona Kerberosv5 based protocol.

... Would appreciate help in any way.

Thanks,
Arjun

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4122879#4122879

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4122879