2 Replies Latest reply on Jan 16, 2007 7:28 AM by rabbuhl

Single sign-on

rabbuhl Jan 12, 2007 11:14 AM

I am working on porting a web application to the JBoss Portal. The web application has a login screen which provide authentification. I have successfully created a portlet which displays this authentification jsp and it works. We are planning to refactor the web application into separate portlets and I am wondering how to implement the concept of single sign-on. What does this mean and how is it generally implemented?

Richard.

1. Re: Single sign-on

soshah Jan 12, 2007 11:18 AM (in response to rabbuhl)

Richard-

Look at our Single Sign On project as a starting point:

Here is the documentation

http://labs.jboss.com/portal/index.html?ctrl:cmd=render&ctrl:window=default.wiki.WikiPortletWindow&page=Jbosssso&language=EN

Also, for simple virtual host based single sign on approach, you can look at the Tomcat approach documented in our portal docs

Thanks
Sohil
Actions
2. Re: Single sign-on

rabbuhl Jan 16, 2007 7:28 AM (in response to rabbuhl)

Our web application is written using struts and I am using the struts bridge in order to allow it to run under the JBoss Portal. The logon JSP page for our web application invokes an Java action to handle the authentication.

I am not sure whether for the portal we should first make the user pass authentication or whether we should show the portal and only require authentification when the user tries to access a protected area.

If we require initial authentification then I need to invoke our logon JSP when the portal starts up. I can only guess that this would need to be done by modifying tomcat?

If we defer authetification then I am not sure how to cause the logon to occur when the user accesses a protect page or portlet.

Richard
Actions

Go to original post