1 Reply Latest reply on Feb 16, 2009 2:54 PM by meme

    JBoss Federated SSO : How browsers can send and store a SAML

    michaelf

      Hi!
      I miss couple of things in the design of JBoss Federated SSO.
      As I understand, browser sends the SAML based token to each application that participated in SSO.

      1) When the SAML based token is added to browser? After the authentication of a user?
      2) How the token is added to browsers? Which browsers support today storing of the SAML based token?
      3) How the token is sends to an HTTP client? As an HTTP parameter? As an HTTP header? Something else?

      I will appreciate any explanation.
      Best regards,
      Michael

        • 1. Re: JBoss Federated SSO : How browsers can send and store a
          meme

          Hi,

          "michaelf" wrote:
          Hi!
          I miss couple of things in the design of JBoss Federated SSO.
          As I understand, browser sends the SAML based token to each application that participated in SSO.

          1) When the SAML based token is added to browser? After the authentication of a user?
          2) How the token is added to browsers? Which browsers support today storing of the SAML based token?
          3) How the token is sends to an HTTP client? As an HTTP parameter? As an HTTP header? Something else?


          the SAML-Token is handled between the two websites. The "token" as mentioned in the fed-sso-wiki is a cookie which is stored on a browser after a successful authentication.

          Marc