2 Replies Latest reply on Mar 19, 2009 3:12 AM by Jibu Thomas

    Jboss  SSO  Questions

    Jibu Thomas Newbie

      Hi

      I am evaluating Jboss sso and I am able to do a sample application , using a custom LoginProvider implementation.
      I have some issues and it would be of great help if you could answer following questions.

      1. Once I successfully logged in to the application, if I open a new Brower and access the same application, it asks for login again.
      Is there a way to make the sso cookie persistent for a certain time and reused by all browser sessions from same machine?

      2. Can we have a centralise login page for Jboss sso, which will be shown to user for login data, irrespective of the application ?

      3. Once authenticated, if the application needs to get user data ( like user id ) is there any way ?

      Please help

      Jik

        • 1. Re: Jboss  SSO  Questions
          Sohil Shah Master

           


          1. Once I successfully logged in to the application, if I open a new Brower and access the same application, it asks for login again.
          Is there a way to make the sso cookie persistent for a certain time and reused by all browser sessions from same machine?


          JBoss SSO uses http cookie to manage security tokens. Cookies by design are not usable across different Browser processes. The cookie can be used only within the context of the Browser process. However, multiple tabs within the same Browser process should be supported




          2. Can we have a centralise login page for Jboss sso, which will be shown to user for login data, irrespective of the application ?


          JBoss SSO by design has a de-centralized architecture for managing an authenticated session across a Federation of web applications both in-domain/cross-domain. With that in mind, web applications provide their own Login screen and Login Processor. For a central Login screen/Processor to be shared by all applications, you would need a dedicated web application that presents the Login Screen integrated with the JBoss SSO stack. Then within the individual web applications instead of presenting a Login Screen, you would provide an http redirect to this central web application. This should work in theory, as I have not tried it personally since its not one of the usecases that is typically used by JBoss SSO architecture


          3. Once authenticated, if the application needs to get user data ( like user id ) is there any way ?


          Once an authenticated session is established you should be able to access the user/identity information from your application's Security Context. Like for instance if you are using standard JAAS based authentication you should be able to access it in the Servlet layer via HttpRequest.getRemoteUser etc

          Thanks

          • 2. Re: Jboss  SSO  Questions
            Jibu Thomas Newbie

            Thanks Sohil. This helps.

            Jik