1. Once I have successfully logged in to the application, if I open a new Browser and access the same application, it asks for login again.
Is there a way to make the SSO cookie persistent for a certain time and reused by all browser sessions from the same machine?
JBoss SSO uses an HTTP cookie to manage security tokens. Cookies by design are not usable across different Browser processes. The cookie can be used only within the context of the Browser process. However, multiple tabs within the same Browser process should be supported.
2. Can we have a centralised login page for JBoss SSO, which will be shown to the user for login data, irrespective of the application?
JBoss SSO by design has a de-centralized architecture for managing an authenticated session across a Federation of web applications, both in-domain and cross-domain. With that in mind, web applications provide their own Login screen and Login Processor. For a central Login screen/Processor to be shared by all applications, you would need a dedicated web application that presents the Login Screen integrated with the JBoss SSO stack. Then, within the individual web applications, instead of presenting a Login Screen, you would provide an HTTP redirect to this central web application. This should work in theory, as I have not tried it personally since it's not one of the use cases that is typically used by the JBoss SSO architecture.
3. Once authenticated, if the application needs to get user data (like user id), is there any way?
Once an authenticated session is established, you should be able to access the user/identity information from your application's Security Context. For instance, if you are using standard JAAS-based authentication, you should be able to access it in the Servlet layer via HttpRequest.getRemoteUser etc.
Thanks Sohil. This helps.