Announcement Announcement Module
No announcement yet.
Spring Security and External Application for Authentication (Single-sign-on) Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security and External Application for Authentication (Single-sign-on)


    I have a Spring based application that exposes 3 authentication choices for the user. Form based, Facebook Connect and a single-sign on from an external application. I'm not sure of the proper way to authenticate the last option.

    Application A (Spring Security based) Application B (non-spring based legacy app)

    Security Flow: -when a secured resource in application A is requested and the user is not authenticated, application A will redirect to application B where the user will be prompted with a login form and flow through application B's security flow. Application B will then do a HTTP POST to application A (via a callback url param sent with initial request) that consists of XML that will be validated in application A for its validity and if it passes the user should be authenticated in application A. What is the best approach for this scenario using Spring Security?

  • #2
    This sounds very similar to the SAML flow. I would take a look at the Spring Security SAML code. You could also look at the OpenIDAuthenticationFilter or CasAuthenticationFilter code which both do Single Sign On and have a similar workflow.