I use Seam 2.2.1.CR1 on Weblogic 10.3.2 (11g). I want to use an external SSO (the proprietary one Oracle provides, based on OID). I would like to integrate this external login (the login screen belongs to the SSO). Please note that I don't want to use an LdapStore. If I got this right, this would require me to have a login page through my application, which would then somehow connect to the LDAP and login. I want to use the external login screen provided by the SSO.
I don't see the procedure of using this SSO to login to be any different than using any Authenticator of WebLogic. Both with the SSO and with the BASIC authentication on the Default Authenticator, the application-wise result is the same: the user enters the application and on each HttpServletRequest the method getRemoteUser() returns the username with which the user logged in (either on the SSO or the BASIS login), and the .isUserInRole('blah') returns true/false depending on the roles assigned through the authentication. So, I see the two authentications to be exactly the same, programming-wise.
My question concerns how this can be integrated with the Seam Security. Seam in Action explains how a custom login screen can be included in the application, which populates the Identity component and the Credentials components. Seam then uses these components to apply the high-level security restrictions, like s:hasRole.
However, in my application I DON'T want a login screen. All I want is to be able to somehow use the Seam Security with what I already have: The roles and username in the HttpServletRequest.
I have found this thread (See at the end), but I am not sure I quite understand. A question, for instance, is if extending the Identity is what I need.
Another question is that in Seam in Action Dan Allen says that having a login page is mandatory, which I don't want to have. From page 449:
Only Seam isn’t going to know where to direct a nonauthenticated user when this
page is requested because you haven’t specified a login page. If a login page hasn’t
been set, Seam throws a NotLoggedInException.
Generally, I think that integrating an external SSO (or any Application Server authenticator) with Seam is still poorly documented, although it is a very common business requirement. I guess we'll all hang in until the guys finish with Seam 3.
Meanwhile, any general / specific directions?