Single Sign On allows web applications to share the same authentication state.

GlassFish v2 supports virtual server level Single Sign On (SSO). Web applications with the same authentication realm in a given virtual server can share the authentication state in GlassFish v2.

GlassFish 3.1 supports SSO failover at cluster level, which gives high availability for Single Sign On in a virtual server of a cluster.

One can set up the SSO failover in a cluster easily as follows:

  1. Create and start a cluster.
    For instance, one can create a cluster with two instances having ports 18080 and 28080 respectively as follows:
    asadmin create-cluster ${CLUSTER_NAME}
    asadmin create-local-instance --cluster ${CLUSTER_NAME} --systemproperties HTTP_LISTENER_PORT=18080 instance1
    asadmin create-local-instance --cluster ${CLUSTER_NAME} --systemproperties HTTP_LISTENER_PORT=28080 instance2
    asadmin start-cluster ${CLUSTER_NAME}
  2. Enable SSO in a virtual server of the given cluster.
    asadmin set ${CLUSTER_NAME}.http-service.virtual-server.${VIRTUAL_SERVER}.sso-enabled=true
  3. Enable SSO failover for the given cluster.
    asadmin set ${CLUSTER_NAME}.availability-service.web-container-availability.sso-failover-enabled=true
  4. Use a cluster level realm for web applications.
    For instance, one can create a cluster level file realm user as follows:
    asadmin create-file-user --target ${CLUSTER_NAME} --authrealmname file --passwordfile pwdfile --groups ${A_GROUP} ${A_USER}
  5. Specify <security-constraint> and <login-config> in web.xml and <security-role-mapping> in glassfish-web.xml as in any secured web application. Note that all web applications participating in an SSO session must use the same realm. In addition, one has to specify <distributable/> in web.xml of each web application.
  6. Deploy web applications with --availabilityenabled=true.
    asadmin deploy --target ${CLUSTER_NAME} --availabilityenabled=true ${A_WAR}
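
The requirements in step 5 can be checked before deployment. The following is an added example, not code from the original post or from GlassFish: a small pre-deployment check that every web.xml in an SSO group has <distributable/>, a <security-constraint> and a <login-config>, and that all of them name the same realm. The function names, the sample descriptors, the role name "user" and the BASIC auth method are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not from the original post).
WEB_XML_OK = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <distributable/>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>
</web-app>"""
# Same descriptor without <distributable/> and pointing at a different realm.
WEB_XML_BAD = (WEB_XML_OK.replace("<distributable/>", "")
               .replace("<realm-name>file", "<realm-name>other"))

def local(tag):
    """Strip the XML namespace so descriptors of any schema version parse alike."""
    return tag.rsplit("}", 1)[-1]

def inspect(web_xml):
    """Return (realm, problems) for one web.xml; realm is None if none is named."""
    root = ET.fromstring(web_xml)
    children = {local(c.tag): c for c in root}
    problems = []
    if "distributable" not in children:
        problems.append("missing <distributable/>")
    if "security-constraint" not in children:
        problems.append("no <security-constraint>")
    realm, login = None, children.get("login-config")
    if login is None:
        problems.append("no <login-config>")
    else:
        realm = next((e.text.strip() for e in login
                      if local(e.tag) == "realm-name" and e.text), None)
    return realm, problems

def check_sso_group(apps):
    """apps maps app name -> web.xml text; returns a list of findings."""
    findings, realms = [], {}
    for name, xml in apps.items():
        realms[name], problems = inspect(xml)
        findings += [f"{name}: {p}" for p in problems]
    if len(set(realms.values())) > 1:
        findings.append(f"realm mismatch: {realms}")
    return findings
```

An empty result from check_sso_group means the descriptors meet the conditions listed in step 5; it does not check the role mapping in glassfish-web.xml.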

Download GlassFish 3.1 and try it today!