We're using a patched version of SecurityFilter, works like a charm... Basically, it does the following:
1. check security-config.xml if the requested page requires authorisation 2. check session if user is logged in 3. if user is not logged in, redirect to the login page of the SSO server, passing the origin url as parameter 4. after successful login, redirect to the custom login servlet of our securityfilter, passing a signed token. 5. the login servlet decrypts the token using the public key of the SSO server. The key contains (among other info) the username of the logged-in user. 6. if desired, check a database or ldap or whatever for the roles of this user 7. add all this information to the UserPrincipal We packaged all this in a library, and now we have declarative SSO security for all our JSF webapps. Very simple, but effective... Jurgen Op di, 23-05-2006 te 14:30 +0200, schreef [EMAIL PROTECTED]: > Hi > > There is not any particular functionality in JSF that supports SSO > explicitly. This is normally handled in the container, or by plugging > in an API such as Acegi or SecurityFilter. > > Hermod > -----Original Message----- > From: Rogerio Pereira [mailto:[EMAIL PROTECTED] > Sent: Tuesday, May 23, 2006 2:25 PM > To: MyFaces Discussion > Subject: Who uses Single Sign On with JSF? > > > Hi, > > I would like to know if somebody uses SSO with JSF, i'm trying > to find a good way to do it in my apps. > > Thanks for any answer. > > -- > Yours truly (Atenciosamente), > > Rogério > > > * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * > * * * > > This email with attachments is solely for the use of the individual or > entity to whom it is addressed. Please also be aware that the DnB NOR > Group > cannot accept any payment orders or other legally binding > correspondence with > customers as a part of an email. > > This email message has been virus checked by the anti virus programs > used > in the DnB NOR Group. > > * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * > * * *
