At our company we would like to implement single sign-on for most of our web applications. We have a cluster of JBoss servers. We prefer not to use any other frameworks. So I think we can use the ClusteredSingleSignOn valve. But as far as I understand, we then have to add a login screen into each application, the way JBoss currently works. This is not really what we want.
The plan is to develop an additional Tomcat valve that checks if an application is registered for single sign-on and, if so, redirects the request with the requested URL to a web application with a login screen. This web application authenticates the user against the standard JBoss security mechanism and, if successful, redirects to the web application requested by the user.
JOSSO does something similar in its JBoss plugin, but like I said, at my company we like to use JBoss and not just any open source, no matter how good it is.
Does this sound like a reasonable plan or am I missing something here?
Does anyone have any tips or suggestions?
Is something like it currently under development, and should we for the time being add a screen to any web application?
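The redirect decisions in the plan above, sketched as an added example that is not part of the original post and is not JBoss or JOSSO code: the valve side decides when to send a request to the login application, and the login side checks the requested URL before redirecting back, so that it only ever returns to a registered application. The class name, the `return` parameter, the context paths and the login path are all assumptions made for illustration.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

// Hypothetical helper holding the decisions the planned valve and login application would make.
public class SsoRedirectPolicy {
    private final Set<String> registeredContexts; // context paths registered for SSO (assumed config)
    private final String loginPath;               // path of the central login application (assumed)

    public SsoRedirectPolicy(Set<String> registeredContexts, String loginPath) {
        this.registeredContexts = registeredContexts;
        this.loginPath = loginPath;
    }

    // Valve side: null means "pass the request through", otherwise the redirect target.
    public String redirectFor(String contextPath, String requestUri, String query, boolean authenticated) {
        if (authenticated || !registeredContexts.contains(contextPath)) {
            return null;
        }
        String target = (query == null) ? requestUri : requestUri + "?" + query;
        return loginPath + "?return=" + URLEncoder.encode(target, StandardCharsets.UTF_8);
    }

    // Login application side: only redirect back to a local path under a registered context.
    public String safeReturnTarget(String returnParam, String fallback) {
        if (returnParam == null || !returnParam.startsWith("/") || returnParam.startsWith("//")
                || returnParam.contains("\\")) {
            return fallback; // absolute, scheme-relative or backslash-containing values are refused
        }
        try {
            URI uri = new URI(returnParam).normalize(); // collapses "/orders/../x" style segments
            if (uri.isAbsolute() || uri.getRawAuthority() != null) return fallback;
            String path = uri.getRawPath();
            for (String ctx : registeredContexts) {
                if (path.equals(ctx) || path.startsWith(ctx + "/")) return uri.toString();
            }
        } catch (Exception e) {
            // an unparsable value falls through to the fallback
        }
        return fallback;
    }
    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        SsoRedirectPolicy p = new SsoRedirectPolicy(Set.of("/orders", "/hr"), "/sso-login/login");
        System.out.println(p.redirectFor("/orders", "/orders/list", "page=2", false));
        System.out.println(p.safeReturnTarget("/orders/list?page=2", "/"));
        System.out.println(p.safeReturnTarget("//other.example/orders", "/"));
    }
}
```

In a real valve the `authenticated` flag would come from the container's own session and principal state, which this sketch does not model.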