JAAS Single sign On

 
Greenhorn
Posts: 16
Hi,

I was able to use JAAS NTLogin authentication successfully for my project.
For the moment it asks the user for userName & password.

But because the user is already logged in to the machine (intranet), logging in again seems unnecessary.

I need a way to use those credentials without logging in again.
(I found out it's called "Single SignOn")

thanks

manoj.
 
Ranch Hand
Posts: 142
Single SignOn .....

HTTP is a stateless protocol. So after the user logs in, the user information will be lost in the next request. So the user would be asked to log in again and again. To overcome this, the user information is passed in the HTTP header automatically, then the user only has to log in once. This is one side of Single SignOn.

With the development of internet applications, more and more internet applications are integrated together. Suppose a user A sends a request to application server B and application server B delegates the request to application server C. The user has logged in on the server A but has not logged in on server C. Server B can pass the user credential to server C. Then user A does not have to log in on server C again. This is another side of Single SignOn.

The requirement you have might not have been solved. I might be wrong on this because I am not an expert. Only the operating system knows everything. The browser does not have the user's password information. The browser might be able to get user credential information from the OS. However, if the application server simply accepts the credential information sent by a browser, there could be a security hole. A malicious browser can forge the credential to do something.....

One workaround for your requirement might be using client certification.

Thanks

Lin
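
The concern raised in the reply above, that a server which simply accepts an identity sent with the request can be fooled, shown as an added example (not code from either poster): server C either trusts a plain user name or checks an expiring assertion that server B signed after authenticating the user. The class and method names and the shared demo key are assumptions for illustration, and HMAC is used here as one way to make the assertion unforgeable, not the client-certificate approach the reply mentions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class IdentityAssertionDemo {
    // Constructed demo key (assumption): in practice loaded from a secret store known only to B and C.
    static final byte[] KEY = "constructed-demo-key-for-B-and-C".getBytes(StandardCharsets.UTF_8);
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();

    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    // Server B, after authenticating the user itself, asserts the identity with an expiry time.
    static String issue(String user, long expiresEpochSec) throws Exception {
        String payload = user + "|" + expiresEpochSec;
        return ENC.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + "." + ENC.encodeToString(hmac(payload));
    }
    // Weak: server C believes whatever name arrives with the request.
    static String trustClaimedName(String claimedUser) { return claimedUser; }

    // Hardened: server C returns the user only if the MAC verifies and the assertion is unexpired.
    static String verify(String token, long nowEpochSec) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 2) return null;
        String payload; byte[] tag;
        try {
            payload = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
            tag = Base64.getUrlDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) { return null; }
        if (!MessageDigest.isEqual(hmac(payload), tag)) return null; // constant-time comparison
        int sep = payload.lastIndexOf('|');
        long expires = Long.parseLong(payload.substring(sep + 1));
        return nowEpochSec <= expires ? payload.substring(0, sep) : null;
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        String token = issue("alice", now + 300);          // constructed sample user
        String relabelled = ENC.encodeToString(("administrator|" + (now + 300)).getBytes(StandardCharsets.UTF_8))
                + "." + token.split("\\.")[1];             // altered payload carrying the old MAC
        System.out.println(trustClaimedName("administrator")); // weak path: no proof required
        System.out.println(verify(token, now));                // genuine assertion from B
        System.out.println(verify(relabelled, now));           // altered assertion
        System.out.println(verify(token, now + 301));          // genuine assertion after expiry
    }
}
```

The weak path returns whatever name it was given, while `verify` returns a user only for the untouched, unexpired assertion and `null` for the other two cases.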