You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jose Alberto Fernandez <ja...@cellectivity.com> on 2004/03/10 17:01:34 UTC
Using Tomcat to implement a Weblogic like SSO authentication
Hi, I am trying to evaluate migrating our application from Weblogic to a
Tomcat/JBoss environment. One of the main roadblocks at the moment is
our
reliance on the way SSO is done in weblogic.
In weblogic, even within the same virtual host, you can specify
different SSO
domains by defining diferent names for the sessionID parameter. All
webapps
sharing the same sessionID name will share the same user authentication
information. This is independent of whether the sessionID is passed as a
coockie or as a parameter of the request. So given the following URLs:
/app1/main.html;dom1Id=sdjhfaksjdhfa
/app2/other.html;dom1Id=sdjhfaksjdhfa
/app3/another.html;dom2Id=sdjhfaksjdhfa
In this case going from /app1 to /app2 will not require authentication
because the they use the same SSO information. But going to /app3 will
cause a login since the domain is different. Moreover, this needs to
work
without cookies. We have to shitch-off the use of cookies due to
problems in the session cookie handle by some Browsers.
Is such a configuration possible in Tomcat? Or, if not, does the Tomcat
API
provide what is needed so one can EASILY build such an authentication
module?
Any additional suggestions? I have looked and looked around for answers
on
this regard but found nothing.
Thanks in advance,
Jose