I have a web application which runs in either JBoss, WebLogic or WebSphere web containers. I need to implement single sign-on (SSO) for this application as follows:
Normally, when a user accesses my web application using a browser, the web application presents them with a login page where they are asked to enter their username and password. The web application authenticates them against Active Directory. Then it presents the requested resource. This capability is there today.
Now I need to implement the following scenario:
1. A user logs in to a particular Windows domain.
2. Then they access my web application through a browser. The web application recognizes that they are already logged in to a particular Windows domain.
The web application should not ask them to log in. The user name with which they are logged in to the Windows domain needs to be retrieved and used in the web application.
Can someone outline the high-level steps to achieve this? Is ADFS (Active Directory Federation Services) the right tool for this?