[jboss-user] [Security & JAAS/JBoss] - Re: Identity/Access Management/SSO UseCases
do-not-reply at jboss.com
Mon Mar 17 23:38:05 EDT 2008
I would like to see more flexibility for JBossSX to interact with client for obtaining various type of credentials.
When doing SSO, it's almost impossible to avoid doing HTTP redirects, set and delete cookies and other HTTP operations.
It is therefore very beneficial to add a HTTP Callback to enable a JAAS Login Module to do all these stuff.
At the moment, there's only username password call back.
So developers have to workaround it using valves to interact with the user.
SAP WebAS' JAAS API is an example that has this HTTP Callback. Developing custom sso authentication module for SAP WebAS is a breeze because of this.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137257#4137257
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4137257
More information about the jboss-user