Hi Jerome, Please see inline for my answers. On Tue, Feb 28, 2012 at 12:07 AM, leleuj <[email protected]> wrote:
> Hi, > > The ServiceUrlAuthenticationManagerImpl would be defined with a list of > authentication handlers, each associated to an url pattern. This > authentication manager would get the service of the incoming request to > know which authentication handlers to use according to the url patterns. *Completely agree with you* > Instead of a pattern url, a bean ID could be used as Jonathan suggested, > but it needs a custom registered service. > *Didnt really understand this* > > In this case, I agree with your last two arguments : it's more efficient > to only use one authentication handler and it avoids collision if the same > login/pwd have be defined in the two authentication systems. > *Completely agree on that* However, I'm not sure that it's a typical SSO situation as if you have two > business applications with two different populations of users authenticated > by two different authentication systems, you don't generally need a SSO. > With the same population authenticating in the same authentication system > and many applications to access to, SSO makes more sense as it allows users > to only fill their login/pwd once and avoid authenticating each time they > want to access an application. > > *Maybe I shall explain with a proper use case.* * * We have three systems 1)*HRSystem*(*Application1*) 2)*FinancialSystem*(*Application2*) 3)*CommonReportingServer*(*Application3*) A user logs into *Application1 *and accesses *"attendance reports"* from * ReportingServer*. Authentication and Authorization credentials are pulled from Application1's authenticating system and utilized in the ReportingServer. This avoids re-authentication/re-entry of username and password on ReportingServer A user logs into *Application2 *and accesses *"budgeting reports"* from * ReportingServer*. Authentication and Authorization credentials are pulled from Application2's authenticating system and utilized in the ReportingServer. This avoids re-authentication/re-entry of username and password on ReportingServer A user logs into *Application1 *and tries to access *Application2 *but cannot access it A user logs into *Application2 *and tries to access *Application1 *but cannot access it Does this explain my situation? Thanks a lot Jerome Regards, Franklin > Has anyone add the same functional use case ? > > Thanks, > Best regards, > Jérôme > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
