  • Best approach for SSO on 2 web apps

    Hi, I've been searching the last day or so on the best approaches for using SSO for 2 web apps. We have 2 separate WARs that are deployed to the same container. We would like to make it so the user signs on once. I should point out, users do not go directly to the 2nd app, rather it is embedded in an iframe in the 1st web app. I was able to get SSO using BASIC authentication, but do not like the fact that users can't really log out. I've looked at CAS but feel that is a bit too much for our 2 apps. We don't plan on adding any more.

    I've been looking at the Spring Security API to see if maybe we could write a custom filter or something along those lines. I was thinking if we were able to get the session id to the 2nd app, it could just verify it's a legitimate session id, and log the user in. I'm not sure if that's possible (not to mention if that would be considered a secure approach.)

    We are hoping to avoid having to configure another web application.


  • #2
    Have you looked at the Spring Security - SAML extension?


    • #3
      Thanks for the reply. I've started looking at SAML and it seems along the lines of the CAS solution, more configuration. I was hoping we could avoid any more configuration if at all possible.


      • #4

        I'm interested in this but the page about it is blank

        Any ideas where to find good documentation?

        cheers, john


        • #5
          I am not sure if this is still the most current, but the documentation can be found with the source code. It might be worth a post to the SAML forum to verify...