Single Sign On

Dear Friends,


I have to do one task where user login in one application and there is one href link is provide, when user click on the link I have to take him into another application without authentication .i.e. without asking for username and password using post method and nothing should be caught in burb or sniffer not even encripted username and password. Suppose there are two application A installed on windows (JBoss server) and another on linux server.

How to create single sign on, application server on both side is JBoss. Below are my findings I can pass the username and password to application B but how to open the browser with login.

------------

package com.test; import java.io.BufferedReader; import java.io.InputStreamReader; import java.io.OutputStreamWriter; import java.net.URL; import java.net.URLConnection; import java.net.URLEncoder; public class postto { private void fetchURL() { try { // Construct data String data = URLEncoder.encode("username", "UTF-8") + "=" + URLEncoder.encode("abc", "UTF-8"); data += "&" + URLEncoder.encode("password", "UTF-8") + "=" + URLEncoder.encode("abc123", "UTF-8"); // Send data URL url = new URL("http://172.11.125.14:8080/center/login.do"); HttpURLConnection conn = url.openConnection(); conn.setDoOutput(true); OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream()); wr.write(data); wr.flush(); // Get the response BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream())); String line; while ((line = rd.readLine()) != null) { System.out.println(line); } wr.close(); rd.close(); return; } catch (Exception e) { } } public static void main(String args[]) { postto au = new postto(); au.fetchURL(); } }

Welcome to CodeRanch!

Please, UseCodeTags.

Also, please CarefullyChooseOneForum.

Thanks.

Dinesh,

Passing the username and password through the URL is not safe.

I too, am researching SSO methods. There are several options but JOSSO appears
to be straightforward. I've yet to try it.

Hi Friends,

First of all Bill Clar thank you for the reply.

With the below HttpClient code I am able to send the data to another application and I can get the parameter but one question is how to open the application in browser after successful authentication.


public class SimpleHttpPut { public static void main(String[] args) { HttpClient client = new DefaultHttpClient(); HttpPost post = new HttpPost("http://abc.com"); try { List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1); nameValuePairs.add(new BasicNameValuePair("registrationid", "123456789")); post.setEntity(new UrlEncodedFormEntity(nameValuePairs)); HttpResponse response = client.execute(post); BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent())); String line = ""; while ((line = rd.readLine()) != null) { System.out.println(line); } } catch (IOException e) { e.printStackTrace(); } } } [/code]

The 4 major Java open source SSO solutions are mentioned in https://coderanch.com/how-to/java/SecurityFaq#web-apps

CAS is a very popular SSO project.

It is easily configularable and maintainable.

See This Link