I am missing a couple of things in the design of JBoss Federated SSO.
As I understand it, the browser sends the SAML-based token to each application that participated in SSO.
1) When is the SAML-based token added to the browser? After the authentication of a user?
2) How is the token added to browsers? Which browsers today support storing the SAML-based token?
3) How is the token sent to an HTTP client? As an HTTP parameter? As an HTTP header? Something else?
The SAML token is handled between the two websites. The "token" as mentioned in the fed-sso-wiki is a cookie which is stored in the browser after a successful authentication.