We have two web apps, App1 and App2, both deployed as WAR files in an app server. Neither app has a login feature required to use it.
There was a move made to combine these two apps and have a single sign-on. A login page will be created in App1 and a link will be provided in App1 to get to App2, but you have to be logged in to see the link.
What I did was create an EAR project, add the two web modules of App1 and App2 into this single EAR, and create login and session logic the same way I do it for a single web app. It was just a proof of concept, but it worked.
Is that all there is to this? Are there any complications that can arise from this? By the way, I am not looking into using third-party software that provides SSO services. We don't have the time and money to use that. We're looking for the simplest, fastest and most secure way to implement SSO.