4 Replies Latest reply on Mar 16, 2011 11:37 PM by handat

    Single Signon


      I need to either implement or select an existing tool/framework for single sign-on.

      We have multiple Web applications, all using Java (some with Flex, others without),
      all running on a J2EE container (like JBoss) on multiple OSs (many kinds of Unix, Windows too), with multiple databases,
      so Java and some J2EE container is the common denominator.

      Is there a good single sign-on framework (better open source) or tool
      with which it is simple to do that?

      We do not use Spring, but do not really oppose it either.
      Simplicity is the key.

      Not sure all our clients use LDAP (some do).

      So what would you recommend: JAAS, JOSSO, ... ?

      It would also be very nice to have a common area on top, from which the user can launch these Web applications
      (like tabs or links), so it becomes a sort of mini portal. Nice, but not a must.

      I have used Java for many years, but more on the front-end side;
      I know servlets/JSP well, but not the security part.

      Please advise,

      Edited by: olegkon on Mar 11, 2011 3:09 PM
        • 1. Re: Single Signon
          Try something like OpenSSO/OpenAM for web-based SSO. If you want a simple portal that can be integrated with this, try GlassFish Web Space Server.
          • 2. Re: Single Signon
            try GlassFish Web Space Server
            I cannot tie myself to any particular J2EE app server;
            our clients should be able to use any possible server.

            If anything, JBoss would probably be my preference, as a lot of them use it,
            but I cannot use any server-specific functionality.

            Thank you,
            • 3. Re: Single Signon
              Simplicity is the key.

              Okay, first thing that pops into my head. Create one service on one host in which you keep the authentication state of users, and make every application talk to this one service. Use your favorite communication method, JAX-WS for example, since that is integrated into the JVM and can easily be used in both client and JEE solutions. Since it's SOAP-based, you can also invoke the service outside of Java.

              Of course for robustness you'd need some kind of host redundancy just in case you need to do maintenance or you have server downtime. And you'd need to think about how to secure that one service against hacking/abuse attempts.
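
The single-service design described in reply 3, as an added example (not code from any poster or product in this thread): an in-memory store that issues opaque random tokens, lets every application validate them, and throttles password guessing. The class name, method names, lifetime and lockout threshold are all assumptions, and the transport in front of it (JAX-WS or anything else) and the actual credential check are left out.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical central authentication-state service (illustration only; names are assumptions).
// Applications call validate(token) on each request instead of keeping their own login state.
public class SsoSessionService {
    private static final long LIFETIME_SECONDS = 1800; // assumed session lifetime
    private static final int MAX_FAILURES = 5;         // assumed lockout threshold

    private record Session(String user, Instant expires) {}

    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final Map<String, Integer> failures = new ConcurrentHashMap<>();

    // credentialsOk stands in for the real check (LDAP, database, ...), out of scope here.
    public Optional<String> login(String user, boolean credentialsOk) {
        if (user == null || failures.getOrDefault(user, 0) >= MAX_FAILURES)
            return Optional.empty();                   // throttle guessing; a real service
        if (!credentialsOk) {                          // would also expire this counter
            failures.merge(user, 1, Integer::sum);
            return Optional.empty();
        }
        failures.remove(user);
        byte[] raw = new byte[32];                     // 256-bit opaque token, no user data inside
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, new Session(user, Instant.now().plusSeconds(LIFETIME_SECONDS)));
        return Optional.of(token);
    }

    // Returns the user name if the token is known and not expired.
    public Optional<String> validate(String token) {
        Session s = (token == null) ? null : sessions.get(token);
        if (s == null) return Optional.empty();
        if (Instant.now().isAfter(s.expires())) {
            sessions.remove(token);
            return Optional.empty();
        }
        return Optional.of(s.user());
    }

    // Single logout: one call ends the session for every application.
    public void logout(String token) {
        if (token != null) sessions.remove(token);
    }
}
```

Because the token is only a random lookup key, revoking it at the service takes effect in every application on its next `validate` call; the calls themselves still need an authenticated, encrypted channel between the applications and the service.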
              • 4. Re: Single Signon
                I think you are confusing the fact that WebSpace and GlassFish are two separate products, but some marketing expert decided to mash up the names and add GlassFish in front of WebSpace. WebSpace can be deployed on top of various Java EE servers, not just GlassFish. Alternatively, you might consider using Liferay instead of WebSpace which it is based on.