To: Tomcat Users List tomcat-user@jakarta.apache.org
Subject: Re: Using Single Sign on to access another webapp.
Date: Fri, 08 Jul 2005 06:48:44 -0400
One way to do SSO is to utilize a cookie (let's call it SSO, and to be
really secure - it should only be transferred over https
Dear List,
We are using Tomcat 4.1.xx. We are NOT using the built in security framework
which comes with TC. In the login.jsp page the user/password is validated by
an external organisation wide process, which returns simply true or false.
If the user is valid, the user is forwarded to the
Check this for a way to implement this with Tomcat (you must use 5.5 or
higher, though):
http://weblogs.java.net/blog/wholder/archive/2005/02/session_session.html
Or this is a solution I found with an external authentication server:
One way to do SSO is to utilize a cookie (let's call it SSO, and to be really
secure - it should only be transferred over https). The existence of a cookie
says the person might be logged in. The value of the cookie needs to be
checked. The value of the cookie should NOT be the user id. It can
Take a look at
http://tp.its.yale.edu/tiki/tiki-index.php?page=CentralAuthenticationService
Tim Funk wrote:
One way to do SSO is to utilize a cookie (let's call it SSO, and to be
really secure - it should only be transferred over https). The
existence of a cookie says the person might be