So we have a client which is currently using HTTP scripting to pass credentials from server to server rather than from the client's browser to server.
I'm wondering whether there is the capacity within OpenSSO to deal with this, or what the best method would be to deal with the passing of credentials. The passing of credentials happens from a Portal type server across to an application server which fires up an iFrame with the application inside.
Whenever possible, you will try not to pass full credential data to the target application. Most of the time, you only have to tell the application it has to trust the Id you'll pass, and to ensure through SSO agents that the credentials you are providing the application are valid (i.e. they are those you got on the SSO server).
Using an iFrame, if your portal is protected by an OpenSSO server, and the application inside the iFrame too, then all you need is an OpenSSO agent on both application servers and a bit of config.
Thanks for the response.
Within the default user's landing page there is service-related information which is listed, but as part of that page, the iFrame which passes credentials on to the external application, could OpenSSO be used to allow access to all users to the landing page but protect the iFrame and have an OpenSSO login page within the iFrame?
I know, maybe I'm asking silly questions here...
My understanding is that as long as the resources that are being protected by OpenSSO have different URLs, in this case the landing page and the iFrame, then OpenSSO can protect them both with different policies, in this case an anonymous auth scheme for the landing page and an OpenSSO login page within the iFrame protected by a separate policy.
Answers on a postcard please, and thanks in advance.