1 Reply Latest reply on Jun 18, 2008 5:16 PM by gjeudy

    Single Sign On and logout

    schamarthi.srinivas.chamarthi.gmail.com

      Hi,


      I am using JOSSO for single sign-on for my applications. Two applications are Struts-based, and the one I am developing is a Seam-based application.


      I had to remove Seam-based security from the application, and I am authenticating based on the SSO session ID and keeping loggedInUser in the session in authenticator.authenticate.


      When I log out, I want to remove the session-based data in the application. I am using the following code. Could anybody tell me if I am doing things right? I appreciate your help in advance.


      Code to authenticate the user:


        public String authenticate()
        {
            // Look for the SSO session ID and principal set by the JOSSO agent
            HttpServletRequest request = (HttpServletRequest) facesContext.getExternalContext().getRequest();
            SSOUser ssoUser = (SSOUser) request.getUserPrincipal();
            String ssoSessionId = (String) request.getAttribute("org.josso.agent.ssoSessionid");

            if (ssoSessionId != null && ssoUser != null)
            {
                try {
                    // Bind the user name as a named parameter instead of
                    // concatenating it into the JPQL string
                    User user = (User) em.createQuery("select u from User u where u.userName = :userName")
                            .setParameter("userName", ssoUser.getName())
                            .getSingleResult();
                    if (user != null) {
                        log.info("user #0 found in context", user.getUserName());
                        Contexts.getSessionContext().set("loggedInUser", user);
                        return "";
                    }
                } catch (javax.persistence.NoResultException nre) {
                    // No local account matches the SSO principal
                    facesMessages.add("Invalid login information. Please try again");
                    return "login";
                }
            }

            return "login";
        }




      Logging out the user:



         public String logout() {
              Session.getInstance().invalidate();
      
              // why this is always printed as true ??  System.out.println(Contexts.isSessionContextActive());
              return "logout";
         }






        • 1. Re: Single Sign On and logout
          gjeudy

          Why are you not leveraging Seam security? You just need to implement a custom authenticate method that runs your custom authentication routine. If you don't do so, you lose a lot of useful features, as described here: Seam security



          Here's a guideline for Windows SSO with Seam security integration:
          Windows SSO With Seam


          It is very similar to what you are trying to accomplish; just ignore the NTLM auth code and replace it with your JOSSO-specific auth code. NTLM auth and JOSSO auth fulfill the same goal anyways.