0 Replies Latest reply on Nov 30, 2006 6:44 PM by Nipun Batra

    SSO Specific Usecase

    Nipun Batra Newbie


      I am using JBOSS SSO with JAAS based approach and everything works great for me.

      But we have one typical requirement.
      I have two Applications Running on 2 different machines

      On our application A user logs in with information clientID, username and password, (In JAAS scenario clientID+username makes the principal).

      Now we have functionality that on application A itself, same user can switch its clientID,

      User Logs into Application A with

      ClientID: 1234
      password: protected

      After that user wants to switch ClientID but username still remains the same e.g.
      ClientID: 5678
      password: protected

      For this scenario, the moment user switch clientID we logout the user by invalidating session and login automatically again with new clientid but same username and password.

      Now as we are using SSO I believe that we should call some function of SSO API, to tell the SSO framework that we have Automatically logged in the new user, please change token information accordingly, so that if I go to my partner Application B, I should see new user information.

      Is there any way we can achieve it?

      If I am not wrong same thing happens when we go from one partner application site to another after login.
      SSOAutoLogin automatically login the user and takes care of SSO Tokens also.

      Other thing I can think of is, After invalidating the session, we can call SSOManager.cleanToken(), (but this method takes a String Argument ssoToken whcih I am sure, what exactly it is) and after that login the user and SSO Framework will automatically takes care of new Token.

      Would appreciate of someone can help me clarifying this.