[jboss-user] [Security & JAAS/JBoss] - Re: Jboss SSO Questions

sohil.shah@jboss.com do-not-reply at jboss.com
Wed Mar 18 11:42:39 EDT 2009


anonymous wrote : 
  | 1. Once I successfully logged in to the application, if I open a new browser and access the same application, it asks for login again.
  | Is there a way to make the sso cookie persistent for a certain time and reused by all browser sessions from same machine? 
  | 

JBoss SSO uses an HTTP cookie to manage security tokens. Cookies by design are not usable across different Browser processes. The cookie can be used only within the context of the Browser process. However, multiple tabs within the same Browser process should be supported.



anonymous wrote : 
  | 2. Can we have a centralised login page for JBoss SSO, which will be shown to the user for login data, irrespective of the application?
  | 

JBoss SSO by design has a de-centralized architecture for managing an authenticated session across a Federation of web applications, both in-domain and cross-domain. With that in mind, web applications provide their own Login screen and Login Processor. For a central Login screen/Processor to be shared by all applications, you would need a dedicated web application that presents the Login Screen integrated with the JBoss SSO stack. Then within the individual web applications, instead of presenting a Login Screen, you would provide an HTTP redirect to this central web application. This should work in theory, as I have not tried it personally since it's not one of the use cases that is typically used by JBoss SSO architecture.

anonymous wrote : 
  | 3. Once authenticated, if the application needs to get user data ( like user id ) is there any way ? 
  | 

Once an authenticated session is established, you should be able to access the user/identity information from your application's Security Context. For instance, if you are using standard JAAS based authentication, you should be able to access it in the Servlet layer via HttpRequest.getRemoteUser etc.

Thanks

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4219148#4219148
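
The redirect-to-central-login idea from answer 2 and the user lookup from answer 3, as an added example that is not part of the original post or of JBoss SSO. It assumes the SSO stack populates the container's authenticated principal; the class name, the `centralLoginUrl` init-param, the `returnTo` parameter and the `currentUserId` attribute are hypothetical.

```java
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: sends unauthenticated requests to one central login web app. */
public class CentralLoginFilter implements Filter {
    // Assumption: configured as an <init-param> in web.xml (placeholder value,
    // e.g. https://login.example.com/sso/login).
    private String centralLoginUrl;

    public void init(FilterConfig config) throws ServletException {
        centralLoginUrl = config.getInitParameter("centralLoginUrl");
        if (centralLoginUrl == null) {
            throw new ServletException("centralLoginUrl init-param is required");
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getRemoteUser() is null until the container holds an authenticated principal.
        String userId = request.getRemoteUser();
        if (userId != null) {
            request.setAttribute("currentUserId", userId); // hypothetical attribute name
            chain.doFilter(req, res);
            return;
        }

        // Rebuild the address the user asked for so the login app can send them back.
        StringBuffer target = request.getRequestURL();
        if (request.getQueryString() != null) {
            target.append('?').append(request.getQueryString());
        }
        response.sendRedirect(centralLoginUrl + "?returnTo="
                + URLEncoder.encode(target.toString(), "UTF-8"));
    }

    public void destroy() { }
}
```

The central login application should redirect back only to `returnTo` values whose host belongs to a registered application, since the value travels through the browser and can be altered there.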
