
JBoss Seam - Single Sign-on

 
Mourouganandame Arunachalam
Ranch Hand
Posts: 396
Does Seam support Single Sign-On? If yes, could that be extended to OS-level SSO? (For example, users logged into a Windows desktop can seamlessly access Seam apps without login?)

How is security handled in Seam?
 
Jason Porter
Author
Ranch Hand
Posts: 126
Seam currently has support for OpenID, and OpenSSO (http://docs.jboss.com/seam/latest/reference/en-US/html/security.html#d0e13534) support is coming. There are also many forum postings and blogs about getting OSS to work with Seam; simply Google for them.
 
Michael Yuan
author
Ranch Hand
Posts: 1427
Security is actually a very strong point of Seam. Seam has its own security framework that does much more than most other web app security frameworks. It provides permission-based and role-based access controls at the object level.

I am not sure how the OS native SSO works -- does the browser pass through some kind of security token to the web app? Can you just make the browser remember the username / password and auto-login?
 
Jacob Orshalick
Author
Ranch Hand
Posts: 32
"example, users logged into windows desktop can seamlessly access seam apps without login"

I have actually been working through this with JBoss Negotiation and Kerberos authentication. The UserPrincipal gets initialized in the web context by JBoss Negotiation, and you can use this principal to auto-login the user with a custom authenticator. Your authenticator can also use the user information to retrieve the roles associated with the user or, if you are using Seam 2.1, by providing a role identity store. You can also provide an identity store for fallback authentication (e.g. through LDAP or some other means) should the Kerberos authentication fail.
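
The auto-login flow described in the post above, sketched as an added example that is not part of the thread and is not Seam or JBoss Negotiation code: plain Java 16+, with every class and method name hypothetical. It assumes the container exposes the negotiated identity as a `Principal` named `user@REALM`; the role store and fallback check are constructed stand-ins for real identity stores.

```java
import java.security.Principal;
import java.util.*;
import java.util.function.BiPredicate;
import java.util.function.Function;

/** Added illustration; every name here is hypothetical, not Seam or JBoss Negotiation API. */
public class SsoAutoLogin {
    /** Outcome of a login: local user name, granted roles, and the path that authenticated. */
    record Session(String user, Set<String> roles, String via) {}

    private final Set<String> trustedRealms;                // Kerberos realms we accept
    private final Function<String, Set<String>> roleStore;  // user -> roles
    private final BiPredicate<String, String> fallbackAuth; // e.g. an LDAP bind

    SsoAutoLogin(Set<String> realms, Function<String, Set<String>> roles,
                 BiPredicate<String, String> fallback) {
        trustedRealms = realms; roleStore = roles; fallbackAuth = fallback;
    }

    /**
     * containerPrincipal is the identity the container established after negotiation
     * (what request.getUserPrincipal() would return); null means Kerberos did not succeed.
     * It must never be built from a client-supplied header or parameter.
     */
    Optional<Session> login(Principal containerPrincipal, String formUser, String formPassword) {
        if (containerPrincipal != null) {
            String[] parts = containerPrincipal.getName().split("@", 2);
            // Check the realm against an allow-list rather than silently stripping it.
            if (parts.length == 2 && !parts[0].isEmpty() && trustedRealms.contains(parts[1])) {
                return Optional.of(new Session(parts[0], roleStore.apply(parts[0]), "kerberos"));
            }
        }
        // Fallback path: explicit credentials verified by the fallback identity store.
        if (formUser != null && formPassword != null && fallbackAuth.test(formUser, formPassword)) {
            return Optional.of(new Session(formUser, roleStore.apply(formUser), "fallback"));
        }
        return Optional.empty(); // neither path authenticated the user
    }

    public static void main(String[] args) {
        // Constructed sample data: two users, one trusted realm, one fallback credential.
        Map<String, Set<String>> roles = Map.of("alice", Set.of("admin"), "bob", Set.of("user"));
        SsoAutoLogin sso = new SsoAutoLogin(Set.of("EXAMPLE.COM"),
                u -> roles.getOrDefault(u, Set.of()),
                (u, p) -> "bob".equals(u) && "constructed-password".equals(p));
        System.out.println(sso.login(() -> "alice@EXAMPLE.COM", null, null)); // Kerberos path
        System.out.println(sso.login(() -> "alice@OTHER.REALM", null, null)); // untrusted realm
        System.out.println(sso.login(null, "bob", "constructed-password"));   // fallback path
    }
}
```

Roles are looked up server-side from the normalized user name on both paths, so a user who arrives through the fallback store gets the same authorization as one who arrives through Kerberos.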
 
Mourouganandame Arunachalam
Ranch Hand
Posts: 396
Thanks for the information Michael & Jacob...
 
xiaodu liu
Greenhorn
Posts: 1
Thanks Jacob.

I wonder if you have any blog talking about JBoss Seam SSO using JBoss Negotiation. I am very interested to know how it works. Thanks.
 
Peter Johnson
author
Bartender
Posts: 5852
xiaodu, please do not wake the zombies. Instead, please ask your question in a new post.
 