6 Replies Latest reply on Jun 1, 2013 8:08 PM by Andre Hopkins

    How to implement Single Sign On

    nille m Newbie

      Hi everybody,

      I have the following problem. My current application is using a simple Login page with login form and an Authenticator implementaion (@Name(authenticator) for actual authentication logic. Any request for a page is redirected to the Login page if the user is not logged in (#{identity.loggedIn}). That's working fine.

      Now I want to add the possibility to use a Single-Sign On solution. I thought the best approach would be to implement a filter which intercepts the request to the Login.page and calls the authentication method  before the user gets the login page. I tried it that way:

      public class SSOFilter extends AbstractFilter {
           private static final long serialVersionUID = 1L;
           public void destroy() {
                System.out.println("Destroy filter...");
           public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
                Identity identity = Identity.instance();
                chain.doFilter(req, resp);
           public void init(FilterConfig arg0) throws ServletException {
                System.out.println("Init filter...");

      But I get an exception in line identity = Identity.instance();  of this type: java.lang.IllegalStateException: No active session context. If that's the correct approach, how can I make sure that all needed Contexts are there and how can I use the provided Identity? If that's not the way one should do it: what's the suggested way if I want to keep the possibility of the login with the Login page?

      Best regards and thanks a lot in advance :),


        • 1. Re: How to implement Single Sign On
          nille m Newbie

          I found the method org.jboss.seam.contexts.Lifecycle.beginCall();. After calling that I have access to the needed Context objects, eg. Identity. But the question still is: is that the preferred approach for implementing SSO? Keeping the Login page / Login form described above is not longer a must if that simplifies the whole thing.

          Any hint is highly appreciated :-)

          Kind Regards,

          • 2. Re: How to implement Single Sign On
            nille m Newbie

            For anyone who wants to know: I implemented the SSO funcionality by an Authenticator and used some navigation rules.

            Kind Regards,

            • 3. Re: How to implement Single Sign On
              John Gunvaldson Newbie

              Facing the same SSO issues pretty much.

              Thank you for the above details, I am still testing various scenarios. I have success with good logins, having to deal with bad logins is becoming more difficult.

              1. where is the initial call made to identity.login in your setup?
              2. how do you handle failed authentication, (pages.xml call to send to the logout page) without causing the automated login to kick in again, and start a loop?
              3. are you still using filter (like above)?, interceptor? overrides?

              Thanks for any additional insight.



              • 4. Re: How to implement Single Sign On
                Gilbert Ghazal Newbie

                hey Pete,
                can u please explain more how did u call the org.jboss.seam.contexts.Lifecycle.beginCall(); function? coz i'm having the same issue here. and also if possible the changes in the web.xml and pages.xml if any.
                thanks in advance

                • 5. Re: How to implement Single Sign On
                  Gilbert Ghazal Newbie
                  never mind i figured out how to use the beginCall method but i'm stuck with how to bypass the following navigation rule in the login.page.xml:
                  <navigation from-action="#{identity.login}">
                        <rule if="#{identity.loggedIn}">
                           <redirect view-id="/pages/interfaceSummay.xhtml"/>
                  • 6. Re: How to implement Single Sign On
                    Andre Hopkins Newbie

                    Hey guys, it's two years later and I am running into the same problem.  Can someone please share with me what navigation rules I need to implement to get the SSO capability to work?  I have my authenticator already working for a single user login.