Hi, I am currently working on a new security implementation for my company - I am a committer on JBossESB and thought what better people to ask my questions than fellow JBoss brethren :-)
We are migrating to JBoss - but right now we are focused on security. There is a good opportunity for us to integrate JBoss security at this point.

My requirement is for Delegated Authentication - we currently have an application that performs form-based authentication and sets an encrypted cookie (with user and pass). On subsequent requests this cookie is decrypted by a webserver plug-in, which also sets the BASIC auth headers and forwards the request to our apps; then there is a JAAS plugin to take care of the application entitlements. Woo! Get all that?

Right now we would like to keep all that but offer our own SAML Delegated Authentication (browser-based identity federation) scheme. We could just give our clients a different URL for the SAML assertions. I have looked through the docs and I do not see anything directly dealing with browser identity federation through the use of SAML assertions.

Also, I am wondering if it would be possible to achieve this using non-JBoss appserver instances (keeping the BASIC auth) - I am thinking all requests would need to come through a marshalling framework to handle timeouts, etc., then populate the BASIC headers and forward the request - sound right? Or am I way off base?

I would love to get this working as it would definitely be a high profile implementation. Thanks for any help.
