Version 36

    Welcome to JBoss Federated SSO Project


    IMPORTANT NOTICE:  Please discontinue use of JBoss Federated SSO. You need to use JBoss Identity ( for your needs.



    JBoss Federated SSO:


    Single Sign On (SSO) is a specialized form of user authentication that enables a user to be authenticated once, and gain access to resources on multiple systems/web applications during that session.


    The benefits of using Single Sign On across your federation of web applications consist of:


    • Helps consolidate silos of identity stores that have cropped up over time with multiple web applications.


    • Improves user account provisioning process dramatically.


    • Provides a better end user experience using web SSO.


    • Improves efficiency when integrating user access to new applications including 3rd party ASP services like


    • Enables secure intra-company access to applications between enterprises and their partners, suppliers, and customer organizations.




    The JBoss SSO Framework is a collection of components that software developers can easily integrate within their existing web applications to create a federation of trusted web sites. The framework has support for important SSO standards such as SAML. The system consists of the following components:


    • Federation Server - A Federation Server is used for securely propagating the Federation Token across web applications located in different security domains


    • Identity Management Framework - This is a flexible/pluggable Java API to connect to central identity stores. The system ships with a Provider to connect to LDAP based Identity Stores


    • Token Marshalling Framework - This is a flexible/pluggable Java API to marshal/unmarshal a Federation Token. The system ships with a SAML-compliant Marshaller



    Here is a an index of wiki pages to get you going on JBoss Federated SSO:










      • Integrating an Identity Management Module into the JBoss SSO system is the most important step for glueing all the rest of the components together. Once this is successfully done, an end-to-end Single Sign On Federation of applications can be easily achieved.\





      • This covers integrating the ability to perform automatic Single Sign On / Sign Out into any arbitrary web application.\










      • This gives a developer a big picture of all the components of Federated SSO and how they are integrated with each other. It also provides a checklist of steps a developer must achieve to enable end-to-end Federated SSO.