This content has been marked as final. Show 2 replies
We have written a custom [Form] authenticator, which is basically the same as the default FormAuthenticator, except that it redirects to a URL outside of the web context. (After looking at the code in the FormAuthenticator it appears that the web context path is always prepended to the login URL.) It also creates our custom encrypted Single Sign On (SSO) cookie.
So the login page does the authentication and creates an ecrypted cookie. We then use a custom Valve to decrypt the cookie and tie into the existing JBoss/Tomcat SSO code.
So here are my questions:
1) Is there an easy way to register a custom authenticator (maybe like the Valves in the server.xml file), currently we had to change the Authenticators.properties file(s) inside of the catalina.jar and the tomcat50-service.jar. I don't like having to re-package the JAR files to achieve this.
2) Is there a more prefered way to handle the redirection to the centralized login page? I don't want to have to package a login.jsp in each of our web applications. If so, any suggestions as to where to create our SSO cookie?