We're having an interesting problem:
We have an application with a primary client that is a Java WebStart application. The JWS client uses business logic published by SLSBs in a JBoss 4.0.2 server.
The JWS client uses JAAS (ClientLoginModule) to authenticate itself with the EJB-tier.
A small portion of the application has been rewritten as a web-application configured with form-based authentication. The webapp uses the same EJBs as the JWS client.
To access the web-application a browser is launched from the JWS (using standard Java WebStart API) to the URL of the web-application. At this point the user must authenticate himself with the web-application (using the login-form).
Our users are getting tired of having to log in to the JWS application and then re-authenticate themselves every time they access the web-application.
I'm trying to solve this issue, but I'm not sure what the best way to do this is. Currently I'm thinking of creating a "one-time" authentication token (registered in the database) from the JWS client just before the browser is launched. The URL would contain this token (and userID), and a servlet would verify that the token matches (and then remove the token from the DB).
The servlet would then *somehow* notify Tomcat and JBoss that the user is authenticated and then redirect to the "real" page. Hopefully this would stop the login-form from being shown as the user would already be logged in.
I've been battling the Tomcat APIs to see how/if this can be done, but so far no success.
Is there a recommended way to "override" the configured form-based login and make sure that the user gets authenticated using some other kind of custom authentication (such as an authentication token)? Note that the web-application must still be accessible without starting it from the JWS client.
Any comments/ideas are welcome!
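As an added example that is not part of the original post, here is the one-time token handoff described above, written in Python so it runs stand-alone; an in-memory dict stands in for the database table the JWS client would write to, and the names `HandoffTokenStore`, `TOKEN_TTL_SECONDS`, the `user`/`token` query parameters and the `/sso` URL are all assumptions. It shows the properties the servlet-side check needs: a token from the OS CSPRNG, only its hash stored, bound to the user ID, expiring, consumed on the first attempt (so a replayed or guessed URL cannot be retried), and compared in constant time. Establishing the container-managed session after a successful check is the JBoss/Tomcat-specific step the question asks about and is not shown here.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed lifetime: the browser launch from the JWS client should complete
# well within a minute, so anything older is treated as lost or leaked.
TOKEN_TTL_SECONDS = 60


def _digest(token: str) -> bytes:
    """Only the hash is persisted, so a DB read exposes nothing usable."""
    return hashlib.sha256(token.encode("ascii")).digest()


class HandoffTokenStore:
    """Constructed stand-in for the DB table; one outstanding token per user."""

    def __init__(self, clock=time.time):
        self._clock = clock            # injectable for expiry tests
        self._pending = {}             # user_id -> (sha256(token), expires_at)

    def issue(self, user_id: str) -> str:
        """Called by the JWS client just before launching the browser."""
        token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG output, URL-safe
        self._pending[user_id] = (_digest(token), self._clock() + TOKEN_TTL_SECONDS)
        return token

    def consume(self, user_id: str, token: str) -> bool:
        """Called by the servlet. Removes the entry on every attempt, so the
        token is single-use and a wrong guess cannot be followed by more."""
        entry = self._pending.pop(user_id, None)
        if entry is None:
            return False
        expected_digest, expires_at = entry
        if self._clock() > expires_at:
            return False
        # Constant-time comparison of the stored hash against the presented token.
        return hmac.compare_digest(expected_digest, _digest(token))


def build_launch_url(base_url: str, user_id: str, token: str) -> str:
    """The URL the JWS client hands to the browser (user ID and token as query)."""
    return base_url + "?" + urlencode({"user": user_id, "token": token})


def handle_sso_request(store: HandoffTokenStore, url: str):
    """Servlet-side decision: ('authenticated', user) means the container
    session may be established and the request redirected to the real page;
    ('login_form', None) means fall back to the configured form login."""
    params = parse_qs(urlparse(url).query)
    user = params.get("user", [""])[0]
    token = params.get("token", [""])[0]
    if user and token and store.consume(user, token):
        return ("authenticated", user)
    return ("login_form", None)


if __name__ == "__main__":
    store = HandoffTokenStore()
    launch = build_launch_url("https://app.example/webapp/sso", "alice", store.issue("alice"))
    print(handle_sso_request(store, launch))   # first use: ('authenticated', 'alice')
    print(handle_sso_request(store, launch))   # replay of the same URL: ('login_form', None)
```

The token still travels in a GET URL, so it can end up in browser history, proxy and access logs and in a Referer header sent by the first page; the short TTL and consume-on-first-attempt behaviour limit what such a copy is worth. Burning the entry on a wrong guess means an attacker who knows a user ID can at most force that user back to the login form, which is the safe failure.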