Enable SSO capability into an application

I would like to enable SSO capability as a authentication provider into an web application. The use case being: I have got 2 applications. One is MAIN application and other is a REPORTING application deployed separately.

Once the user is authenticated by MAIN application, he should be allowed to login to REPORTING application as well.

I know about CAS or other 3rd party SSO providers. However, I would like to implement something in my MAIN application itself so that it providers SSO service to REPORTING application as well. Some kind of ticketing mechanism may be.

I am not sure where to start. Any pointers would be highly appreciated.

PS: Applications are on the Java EE platform.


Because the applications are on different domains, cookies can't be used for storing the session, which is usually how web apps handle authentication.

If the user is expected to access the reporting application from within the main application (eg, through a link), then you could append a security token to the link. The reporting application could call back to the main application to check that the token is valid. This SO article explains token-based authentication.

That being said, having implemented token-based security schemes in the past, I would say its easier to use a third-party solution if possible. CAS might be a good choice if it supports the features you need, as it runs as a standalone service with clients in many languages.

链接地址: http://www.djcxy.com/p/22012.html

上一篇: Asp.net Web API和Web MVC认证逻辑

下一篇: 将SSO功能启用到应用程序中