Hi Eranga, What are those services and how are they secured..? Its wrong if we just pass the JSESSIONID there..?
If we talk he about admin services - then its fine - because we do not send a JSESSIONID - we only use the ADMIN_SERVICE_COOKIE... Thanks & regards, -Prabath On Tue, Jun 24, 2014 at 10:56 PM, Eranda Sooriyabandara <[email protected]> wrote: > Hi Prabath, Dulanja, > I have a requirement to invoke services and webapps in a webapp when SSO > enabled with the logged in user credentials in a AS Cluster. > So when we invoke a > > 1. service within a webapp - How can we invoke with the current user > credentials? Do we need to secure using the SAML 2.0 and send the SAML > Response within the request? If that's the case how can we invoke directly? > 2. webapp within a webapp - Do we need to send the SAMLResponse within > that? > > thanks > Eranda > > -- > > *Eranda Sooriyabandara *Senior Software Engineer; > Integration Technologies Team; > WSO2 Inc.; http://wso2.com > Lean . Enterprise . Middleware > > E-mail: eranda AT wso2.com > Mobile: +94 716 472 816 > Linked-In: http://www.linkedin.com/in/erandasooriyabandara > Blog: http://emsooriyabandara.blogspot.com/ > > > > > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +94 71 809 6732 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
