1 Reply Latest reply on Nov 10, 2005 12:21 PM by brian.stansberry

    Single Sign On (SSO), Cluster, and a WAN.

    jeffbannister

      Hi,

      My company has two applications deployed as EAR files. One of these applications runs in a JBoss cluster on one side of the world (main app) and another runs a single JBoss server on the other side (second app).

      I would like to be able to achieve SSO between these two applications, i.e. users who authenticate with the main app are able to use the second web app.

      I have read that it is possible to achieve SSO between web applications within a cluster. So my first thought was to put the single JBoss server into the cluster with the machines across the WAN. My concern is whether this kind of configuration is sensible, as the servers are so far apart.

      Can servers in a JBoss cluster be separated by a WAN? What are the implications of doing so?

      The only reason for wishing to add the server into the cluster is to achieve SSO between the two web apps. Is there a way to achieve the same thing with JBoss servers that are not in a cluster, e.g. using JBossCache to replicate security information between the servers on user logon?

      I am using JBoss v4.0.2/JDK 1.4.8_06.

      Regards,

      Jeff.




        • 1. Re: Single Sign On (SSO), Cluster, and a WAN.
          brian.stansberry

          Initial point: at the moment, JBoss's SSO feature uses a cookie to track the SSO, and that cookie is scoped to a single hostname. So, if the URLs to your two apps were like this:

          www.xyz.com/app1
          www.xyz.com/app2

          then Clustered SSO would work. If they are like this:

          app1.xyz.com
          app2.xyz.com

          it won't work. I would expect that if the 2 apps are hosted in completely different locations their URL patterns would be more like the 2nd case.

          We certainly have users who run a cluster over a WAN, and you can configure ClusteredSSO to use its own cache, which would have a JGroups config tuned to running over a WAN. Biggest difference from the default JGroups configs that JBoss uses is the use of TCP instead of UDP. I can explain more about that if the URL issue above isn't a showstopper.
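
The hostname scoping described in the reply above can be checked with the browser-side cookie matching rules of RFC 6265. The following is an added example, not part of the thread and not JBoss code; the cookie name `SSO_COOKIE` and the cookie path `/` are assumptions, and the URLs are constructed from the hostnames in the reply. It goes slightly beyond the reply by also modelling a cookie that carries a `Domain` attribute, for contrast with the host-only case.

```javascript
// Added illustration of RFC 6265 cookie matching; not JBoss code.
// Cookie name and path are assumptions; URLs are constructed sample input.

// RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// RFC 6265 section 5.1.4: cookie path must be a prefix ending on a "/" boundary.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Would a browser attach `cookie` to a request for `url`?
function browserSendsCookie(cookie, url) {
  const { hostname, pathname } = new URL(url);
  const hostOk = cookie.hostOnly
    ? hostname.toLowerCase() === cookie.domain.toLowerCase() // exact host only
    : domainMatch(hostname, cookie.domain);                  // Domain attribute set
  return hostOk && pathMatch(pathname, cookie.path);
}

// A cookie set without a Domain attribute is host-only: bound to the exact
// hostname that issued it, which is the scoping the reply describes.
function hostOnlyCookie(name, setByUrl) {
  return { name, domain: new URL(setByUrl).hostname, hostOnly: true, path: "/" };
}

function demo() {
  const shared = hostOnlyCookie("SSO_COOKIE", "http://www.xyz.com/app1/login");
  const split = hostOnlyCookie("SSO_COOKIE", "http://app1.xyz.com/login");
  return {
    sameHostApp2: browserSendsCookie(shared, "http://www.xyz.com/app2/"),
    otherHostApp2: browserSendsCookie(split, "http://app2.xyz.com/"),
  };
}

console.log(demo());
```

A cookie issued with a `Domain` attribute covering the parent domain would be sent to every host under that domain, so widening the scope also widens which servers receive the SSO identifier.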