I Want My JSF Web Application to Use an OpenID Connect SSO Server

 
Greenhorn
I have several JSF web applications that are running on Tomcat. My company has started developing applications in .NET, including an SSO server using OpenID Connect. I was hoping that I could update my JSF applications to use the SSO server.

Is this possible?  If so, what technologies should I consider to get my JSF on Tomcat application to be a client to OpenID Connect?

I apologize for my ignorance in this area.  I have tried to search the internet and there are so many technologies and implementations that I feel too overwhelmed.  I can learn a new thing, but I don't know what I should learn.  Any guidance would be greatly appreciated!

Thank you!
 
Saloon Keeper
Yes, J2EE/JEE - including Tomcat - do support Single Signon!

Any webapp that employs J2EE Container-Managed Security will automatically run in an SSO environment.

Tomcat uses plug-in modules called Realms to manage the interface to external security services. The most popular SSO Realm is the CAS Realm, which comes from Yale, I think. I don't know if it has specific hooks into OpenID Connect, but if not, chances are that there is a Realm module available from somewhere that does. Or you can always write your own.

One thing to note is that in a Windows shop there can be 2 types of "single signon". One is where you log into your Windows workstation and your login identity is carried over to the in-house webapps. The Linux/Unix equivalent would be to use Kerberos. However in a rare fit of security consciousness, Microsoft didn't enable this in Internet Explorer by default (I can't speak for Edge), so a registry setting must be changed for every workstation that wants to take advantage of it.

The other type of SSO (which is probably what you're looking at, if you're using OpenID) doesn't use the Windows authentication system - it establishes an Internet security Realm for all participating applications. In that event the first attempt at accessing a secured resource on any app in the Realm would trigger a request for login. This allows users who aren't on the in-house LAN (and may not be running Windows at all) to enjoy SSO benefits.
 