Hi, I am integrating two websites using single sign on. I have two sites namely aaa.com and bbb.com.
When a user navigates from aaa.com, as he is already authenticated in it, he should be allowed to bbb.com without asking the credentials again. This is my requirement.
aaa.com is based on Tomcat Form based authentication and working fine.
bbb.com's static data is deployed on apache and it requires apache BASIC authentication (htttd, and .htaccess). And dynamic data is deployed on Tomcat and based on Tomcat BASIC authentication.
If I access static data of bbb.com, it first asks for credentials (Using a popup), authenticates using mod_auth_mysql, and once the user is authenticated, it is storing credentials in browser cache. When I navigate to dynamic content which is in tomcat, still its working without asking credentials twice. (I ensured that <realm-name> in web.xml and AuthName in .htaccess file are same).
I enabled SingleSignOn valve in server.xml file, and trying to access bbb.com from aaa.com. When I try to access dynamic data of bbb.com from aaa.com, as both are based on Tomcat security, they are sharing the browser cached credentials. (Though one is based on form and another is based on basic authentication model). But, when I try to access bbb.com's static data (which is in apache) from aaa.com, again its asking credentials, using a popup.
bbb.com is an old project which was developed around 9 yrs ago and I am not allowed to modify/reengineer the architecture.
Could any one please guide me in right direction. I appreciate your help.