On a WebSphere system, SSO is done with something called an LTPA token. The server that does the authentication creates an encrypted token and passes it back to the client browser as a cookie. The browser then passes that token to other servers in the same domain. Servers that can decrypt the cookie can use that to create an authentication session.

This is a common pattern, and I wouldn't be surprised if there's an open source project that could do something similar. Maybe Spring Security?

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Holm, Paul
Sent: Thursday, April 19, 2012 1:41 PM
To: web400@xxxxxxxxxxxx
Subject: [WEB400] Single Signon With Different Web Servers

We have a customer with an existing customer portal solution. Customer signs in with account number and password to a JBOSS server. This allows
customer to see their account data and other customer information. We
plan to deploy on a new application to a different Tomcat server within the same network. Customer requires a single signon amongst the 2 applications. IE... After signing on the 1st JBOSS application, they want to present a link to the new application but don't want to make customer enter account number and password again. The new application needs access to the account number and password in order to lookup customer equipment and account information. We obviously need to make sure it is secure and don't want to pass account numbers and passwords on a URL. We do plan to use SSL.

We are looking for ideas on how to best enable this requirement.

Thanks Paul Holm

www.planetjavainc.com
--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.