Spring Security with OpenSSO
This topic is closed



    I am trying to install an OpenSSO infrastructure to do SSO for a Spring app and a PHP (MODx CMS) app. I am not really familiar with SAML and the OpenSSO workflow.
    The Spring app (deployed in Tomcat) has so far been secured by Spring Security 3.0 with a login form.

    If I understand correctly, I have 2 options to integrate it with OpenSSO:
    1- use the default Tomcat policy agent
    2- use the Spring Security extension made by Vladimir Schafer.

    What are the advantages and differences of the 2 approaches?

    My goal is:
    1- to have both apps redirect the user to the OpenSSO login page when not authenticated
    2- create a user session on the app that is requesting the authentication after OpenSSO authenticates the user
    3- Retrieve specific user settings depending on the app requesting the authentication, in particular the roles of the user
    5- authorize access to resources in my Spring app depending on the role of the user (at the class and method level, not only URL)
    6- Single Sign Out

    Another question: after authentication, does the app server request confirmation from the OpenSSO server each time the user tries to access a resource (which could be a network bottleneck), or does it create a valid session and cookie and assume the user is still logged in (how can single sign out work in that case)?

    Thanks for your advice.