tomcat-users mailing list archives

From Ivan Rodriguez
Subject Re: Using Single Sign on to access another webapp.
Date Fri, 08 Jul 2005 10:52:30 GMT
Take a look at

Tim Funk wrote:

> One way to do SSO is to utilize a cookie (let's call it SSO, and to be 
> really secure - it should only be transferred over https). The 
> existence of a cookie says the person might be logged in. The value of 
> the cookie needs to be checked. The value of the cookie should NOT be 
> the user id. It can be an encrypted form of the user id, or it can be 
> a token which the web server would use in a hash lookup to get the 
> real user id. In the case of the hash - you'd need a "service" to 
> be able to handle maintenance of getting userids/tokens into the hash.
> Luckily for you, there are some projects out there that do this. 
> Google is your friend here.
> -Tim
> Ben Bookey wrote:
>> Dear List,
>> We are using Tomcat 4.1.xx. We are NOT using the built in security 
>> framework which comes with TC. In the login.jsp page the 
>> user/password is validated by an external organisation wide process, 
>> which returns simply true or false. If the user is valid, the user is 
>> forwarded to the application JSP pages. The user can not access the 
>> application pages at will, because the pages check to see if a 
>> particular session flag is checked.
>> Now my problem. I have been asked to assess if single sign On (SSO) 
>> could be used to create a URL link to another similar webapp's JSP 
>> page (TC with no security framework), where the user doesn't need to 
>> login for a second time. There is not so much info. about SSO around, 
>> but from what I gather it persists login info. inside a session which 
>> is passed between web applications. My first problem is that "my 
>> application" never knows what the password is. Can anyone see a 
>> possibility of using SSO for me, allowing direct access to another 
>> webapp's JSP page without re-login?
>> Would really appreciate any help on this. Especially ones with info. 
>> more than simply "No" ;-)
>> kind regards,
>> Ben
>> p.s. might be that the 2nd app has to create a web-service or 
>> something to provide the information for us!!

To unsubscribe, e-mail:
For additional commands, e-mail:
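
The token-lookup variant Tim Funk describes, as an added example (not code from the thread or from Tomcat). `SsoTokenStore` and its methods are hypothetical names; the store is in-memory, and both webapps are assumed to reach the same instance and share a cookie domain.

```java
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical shared "service": maps opaque SSO cookie values to user ids. */
public class SsoTokenStore {
    private static final class Entry {
        final String userId; final Instant expires;
        Entry(String userId, Instant expires) { this.userId = userId; this.expires = expires; }
    }
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Entry> tokens = new ConcurrentHashMap<>();
    private final long ttlSeconds;
    public SsoTokenStore(long ttlSeconds) { this.ttlSeconds = ttlSeconds; }

    /** Called by the login app after the external check has returned true. */
    public String issue(String userId) {
        byte[] raw = new byte[32];   // 256 random bits; the value carries no user id
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokens.put(token, new Entry(userId, Instant.now().plusSeconds(ttlSeconds)));
        return token;
    }

    /** Called by either webapp on each request; empty means "not logged in". */
    public Optional<String> resolve(String cookieValue) {
        Entry e = (cookieValue == null) ? null : tokens.get(cookieValue);
        if (e == null) return Optional.empty();   // cookie absent, unknown or forged
        if (Instant.now().isAfter(e.expires)) { tokens.remove(cookieValue); return Optional.empty(); }
        return Optional.of(e.userId);
    }

    /** Logout: the token stops resolving in every webapp at once. */
    public void revoke(String cookieValue) { if (cookieValue != null) tokens.remove(cookieValue); }

    /** Secure keeps the cookie on https only; HttpOnly is extra hardening not mentioned in the thread. */
    public static String setCookieHeader(String token) { return "SSO=" + token + "; Path=/; Secure; HttpOnly"; }

    public static void main(String[] args) {
        SsoTokenStore store = new SsoTokenStore(1800);   // 30-minute lifetime (assumed)
        String token = store.issue("alice");             // constructed sample user id
        System.out.println(setCookieHeader(token));
        System.out.println(store.resolve(token) + " " + store.resolve("guessed-value"));
        store.revoke(token);
        System.out.println(store.resolve(token));
    }
}
```

Neither webapp ever handles the password: the second application only needs the cookie value and a way to call `resolve`.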
