We have an application that needs multiple authentication mechanisms. Our users can connect either by login/password or by hardware tokens.
I use PicketLink as SP.
I thought about it, but I have absolutely no idea how to share these 2 mechanisms in the same WAR.
To summarize the behavior,
- The web.xml uses <security-constraint> to allow or deny access to restricted pages (no way to choose the authentication method here)
- The jboss-web.xml allows only one <security-domain>... no way.
- The login-config.xml from JBoss AS 5.1 allows multiple <login-module> in the application policy. But I cannot tell it to use this or another IDP depending on a parameter...
- PicketLink uses a <ServiceURL> in its XML configuration file. Perhaps there is a way to dynamically change this URL? But how can I tell it to use a specific URL if the user goes to "login.jsp" and use another if the user goes to "token.jsp"?
Please help me!
Is creating 2 WARs in the EAR my only hope? But then, must I create a third project to contain the common resources (JSP, CSS, etc.)?