• Post Reply Bookmark Topic Watch Topic
  • New Topic

Single Signon with JAAS/SAML

 
Gigi Ng
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have three types of application in my system...
1. Web application (browser-based)
2. Java application
3. C++/vb application
All log in will be handle by a login web service. Thus, if I log into the C++ application, it will access the login web service. If the user has been authenticated by logging into the C++ application, how can I allow the user to access the web application without having to sign in again (i.e. single sign-on across web applications and non-browser applications).
I was thinking that I'll pass the workstation identification back to the server and the server will return something that indicates whether the user has been authenticated on this workstation already. But I am worried that this can be a security hole...
Any ideas will be welcomed.
thanks,
 
imran tariq
Greenhorn
Posts: 24
Eclipse IDE Firefox Browser Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One best option is to use SAML and OpenSAML libraries. Google is doing the same for its apps.
Once you will login from your any application then a key will be set and if you tried to access another application it will allow you to access because of that key.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!