Hello,
I have made a simply SSO solution for us using digital signature in a parameter of the request (We recive simple request from a third party that we trust).
My LoginModule takes the request and validates if it trust the digital signature of the request. If it trusts, the login is Ok.
The problem that I have is that in the web.xml <auth-method> I have to put FORM,BASIC,DIGEST or CLIENT-CERT. There is somthing like none? Because I don't want any interaction with the user, and I don't need any info (only the request).
What I have know is a "working" solution with the problem that the user gets a BASIC auth dialog asking the password, what it's entered doesn't matter because the Loginmodule only looks at the request.
My question is there is something like auth-method NONE, or any workarround to don't ask any info to the user?�
A workarround that I have in mind, is use a nonprotected
servlet in the app that manually puts the credentials. But, is that possible?
I've been reading at the docs of
Jboss but I dont know.
I have:
The problem is that this is a local LoginContext, isn't it? How can I get the LoginContext that Jboss uses for the webapp?
A lot, lot, lot of thanks in advance, because this is a little nigthmare