On a WebSphere system, SSO is done with something called an LTPA token. The server that does the authentication creates an encrypted token and passes it back to the client browser as a cookie. The browser then passes that token to other servers in the same domain. Servers that can decrypt the cookie can use that to create an authentication session.
This is a common pattern, and I wouldn't be surprised if there's an open source project that could do something similar. Maybe Spring Security?
-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Holm, Paul
Sent: Thursday, April 19, 2012 1:41 PM
To: web400@xxxxxxxxxxxx
Subject: [WEB400] Single Signon With Different Web Servers
We have a customer with an existing customer portal solution. Customer signs in with account number and password to a JBOSS server. This allows customer to see their account data and other customer information. We plan to deploy a new application to a different Tomcat server within the same network. Customer requires a single signon amongst the 2 applications. I.e., after signing on to the 1st JBOSS application, they want to present a link to the new application but don't want to make customer enter account number and password again. The new application needs access to the account number and password in order to look up customer equipment and account information. We obviously need to make sure it is secure and don't want to pass account numbers and passwords on a URL. We do plan to use SSL.
We are looking for ideas on how to best enable this requirement.
Thanks,
Paul Holm
www.planetjavainc.com
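
The pattern described in the reply at the top of this thread (one server issues an encrypted cookie token, a second server holding the same key decrypts it to establish a session), as an added Java example that is not part of the original thread and is not the LTPA token format. It assumes AES-GCM, a 256-bit key provisioned to both servers out of band, and a token that holds only an account identifier and an expiry time; `SsoToken`, `issue`, `verify` and `ACCT-1001` are hypothetical names.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;

public class SsoToken {
    private static final int IV_LEN = 12, TAG_BITS = 128;

    // Login server: encrypt "account|expiry" and return the cookie value.
    static String issue(SecretKey key, String account, long ttlSeconds) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);                 // fresh nonce for every token
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        String claims = account + "|" + (Instant.now().getEpochSecond() + ttlSeconds);
        byte[] ct = c.doFinal(claims.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Second server: decrypt, authenticate and check expiry; returns the account.
    static String verify(SecretKey key, String cookie) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(cookie);
        if (in.length < IV_LEN + TAG_BITS / 8) throw new SecurityException("token too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        // doFinal throws AEADBadTagException if the token was altered or the key differs
        String claims = new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
        int sep = claims.lastIndexOf('|');
        if (Long.parseLong(claims.substring(sep + 1)) < Instant.now().getEpochSecond())
            throw new SecurityException("token expired");
        return claims.substring(0, sep);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey shared = kg.generateKey();              // constructed key; real servers load a provisioned one
        String cookie = issue(shared, "ACCT-1001", 300);  // constructed account number, 5-minute lifetime
        System.out.println("account = " + verify(shared, cookie));
        String tampered = cookie.substring(0, cookie.length() - 2) + (cookie.endsWith("AA") ? "BB" : "AA");
        try { verify(shared, tampered); }
        catch (Exception e) { System.out.println("rejected: " + e.getClass().getSimpleName()); }
    }
}
```

The cookie carrying such a token would normally be set with the `Secure` and `HttpOnly` attributes and scoped to the domain both servers share.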