
I Want My JSF Web Application to Use an OpenID Connect SSO Server

 
David Squire
I have several JSF web applications that are running on Tomcat. My company has started developing applications in .NET including an SSO server using OpenID Connect. I was hoping that I could update my JSF applications to use the SSO server.

Is this possible?  If so, what technologies should I consider to get my JSF on Tomcat application to be a client to OpenID Connect?

I apologize for my ignorance in this area.  I have tried to search the internet and there are so many technologies and implementations that I feel too overwhelmed.  I can learn a new thing, but I don't know what I should learn.  Any guidance would be greatly appreciated!

Thank you!
 
Tim Holloway
Yes, J2EE/JEE - including Tomcat - do support Single Signon!

Any webapp that employs J2EE Container-Managed Security will automatically run in an SSO environment.

Tomcat uses plug-in modules called Realms to manage the interface to external security services. The most popular SSO Realm is the CAS Realm, which comes from Yale, I think. I don't know if it has specific hooks into OpenID Connect, but if not, chances are that there is a Realm module available from somewhere that does. Or you can always write your own.

One thing to note is that in a Windows shop there can be 2 types of "single signon". One is where you log into your Windows workstation and your login identity is carried over to the in-house webapps. The Linux/Unix equivalent would be to use Kerberos. However in a rare fit of security consciousness, Microsoft didn't enable this in Internet Explorer by default (I can't speak for Edge), so a registry setting must be changed for every workstation that wants to take advantage of it.

The other type of SSO (which is probably what you're looking at, if you're using OpenID) doesn't use the Windows authentication system - it establishes an Internet security Realm for all participating applications. In that event the first attempt at accessing a secured resource on any app in the Realm would trigger a request for login. This allows users who aren't on the in-house LAN (and may not be running Windows at all) to enjoy SSO benefits.
 