I have an unusual problem that I'm struggling to get help with. We have a website with a login procedure and another site would like to access the site (from theirs) without having to logon. They want it to appear seamless. To do that they want to provide a hyperlink with the user and password in it as url parameters. Their site runs with ASP over IIS and ours using J2EE running OC4J (Oracle J2EE). Does anyone know of any good resources to look at to solve this?
I'm looking for something that will allow their ASP developers to encrypt a string so that I can decrypt it using J2EE. I've found Java->Java versions, but am looking for something that will work across these two platforms.
Any comments appreciated. [ February 08, 2007: Message edited by: Matt Newboult ]
To my best of knowledge , Algorithms and the parameters to those are like specification.So as long as the algorithm used by Asp is same as the algorithm used by j2ee to decrypt.It's ok and should work.
There should be algorithms available on both platforms. Try looking into RC-4. It's pretty simple to understand, analyze, fast, code and secure. The hardest part is probably dealing with key-management. If the key won't change much, this isn't probably much of a concern. But if you need a more robust solution, then you need to add in public-key encryption like RSA. This is pretty much then SSL So you might just re-think to make everything done over SSL.