I want to implement SSO with SAML tokens in JBossAS.
The scenario is as follows.
- I have 2 applications app1 and app2 running on 2 JBoss instances.
- Log in to app1 and enter username / password using form-based auth.
- Once logged in, click on the link that should redirect to the app2 page.
- This should use SSO with SAML tokens on JBossAS for authentication and authorization of users.
Can anyone let me know how to do this?
I just now found your question and noticed it is still not answered. You can take a look at JBoss PicketLink. Said page describes the federation support in JBoss 5+ and Tomcat 5.5+.
Supported protocols are SAML2, WS-Trust and Open ID.
Since SAML2 uses an Assertion after authentication, using pure SAML2 on both apps would require you to register both apps as Service Providers - I believe.
I did a workaround using JBoss/Tomcat SSO valves: My (Seam) app 1 uses SAML2 for authentication and my other apps simply reuse that Principal (username, roles) created in the first app. I believe this corresponds to your situation. Log in at app 1, security constraint in app2, no login in app2.
I had to create a custom valve to achieve this: https://github.com/jensaug/jbossweb-customsso
/Jens