Seam Security without JASS using SiteMinder?

rmcdonough May 19, 2008 2:20 PM

I'd like to know if Seam can support handing off authentication to another system such as CA SiteMinder? My current project is using SiteMinder and the infrastructure is configured in such a way that the Web Server forwards all requests to the application server. When a user requests a protected resources, SiteMinder intercepts the request and handles the authentication activities on a completely sepatate system. In this set up, the application server does not actively participate in the authentication process until the user has been authenticated.

I'd like to leverage Seam's security features, but I'm not sure if this is even possible with Seam given this configuration. Since this set up is not leveraging JAAS in anyway shape or form, I obviously have some challeneges. With that said, I'd like to know if it is possible to have Seam delegate to a login form that it does not manage (hence Seam is not collecting the username and password) and can determine teh autentication status by looking at the reponse by the external application?

Ryan-

1. Re: Seam Security without JASS using SiteMinder?

didi1976 May 19, 2008 3:35 PM (in response to rmcdonough)

I am in a similar situation with SUN Identity Manager.

For the moment I got an idea from a blog about SSO using NTLM:

Windows SSO with JBoss Seam

The trick is the autoLogin-Method which checks the context. Then you can preset the identity. It is automatically called if the user is not logged in.

A servlet filter puts the info about the user into the context.

I did not have the time to try it till now but maybe this info will help you.
Actions
2. Re: Seam Security without JASS using SiteMinder?

rmcdonough May 19, 2008 4:45 PM (in response to rmcdonough)

Wow, thanks Dietmar, this was a big help! If I make any progress on this with SiteMinder, I'll share my findings.

Ryan-
Actions

Go to original post