Anil as you have asked some thoughts about Single Sign On requirements.
Requirements:
The possibility to register partner applications (web applications on the same Jboss cluster) with Single Sign On and exclude other applications from SSO.
Central customizable login screen that comes with Jboss, that does authentication for all partner applications.
A standard mechanism for implementing the logout scenario in applications.
An event mechanism on which custom auditing of authentications and application access can be plugged in.
What happens if the user is not authorized for the second web application he accesses (multiple security domains).
If you want use cases in another format please contact me.
Bye,
Joris Wijlens
