1 Reply Latest reply on Feb 16, 2009 2:54 PM by Marc Ende

    JBoss Federated SSO : How browsers can send and store a SAML

    Michael Furman Newbie

      Hi!
      I miss couple of things in the design of JBoss Federated SSO.
      As I understand, browser sends the SAML based token to each application that participated in SSO.

      1) When the SAML based token is added to browser? After the authentication of a user?
      2) How the token is added to browsers? Which browsers support today storing of the SAML based token?
      3) How the token is sends to an HTTP client? As an HTTP parameter? As an HTTP header? Something else?

      I will appreciate any explanation.
      Best regards,
      Michael

        • 1. Re: JBoss Federated SSO : How browsers can send and store a
          Marc Ende Newbie

          Hi,

          "michaelf" wrote:
          Hi!
          I miss couple of things in the design of JBoss Federated SSO.
          As I understand, browser sends the SAML based token to each application that participated in SSO.

          1) When the SAML based token is added to browser? After the authentication of a user?
          2) How the token is added to browsers? Which browsers support today storing of the SAML based token?
          3) How the token is sends to an HTTP client? As an HTTP parameter? As an HTTP header? Something else?


          the SAML-Token is handled between the two websites. The "token" as mentioned in the fed-sso-wiki is a cookie which is stored on a browser after a successful authentication.

          Marc