Question

Assuming there are two heterogeneous applications (Java rich client and a web application). It shall be possible that the user signs in once to the Java rich client, from there opens a link to the web application (which opens in the browser) and is automatically authenticated without the need to enter his username/password again.

The first idea was to set up an SSO server using Kerberos. But how can the Kerberos ticket be passed to the web application? Is this even possible? Is there any other approach to achieve SSO?

Even better, is it possible to let the user register at the SSO server when logging into the OS (Windows or Linux) and pass the login information to the Java rich client and from there to the web application?


Solution

Your first idea is great, you'll have to install Kerberos on your server and, if you are on Linux, integrate Kerberos into your PAM Auth or into your Open-LDAP Auth.

You need to create REALMs on the Kerberos server, which are the realms for your users.

Later, when everything is working fine, you'll log in on your OS and with the successful login you'll get a "ticket" in the Kerberos Ticket Granting Server.

So, now a user comes and logs into the OS. He has no ticket yet, so the answer of the successful login comes from the AUTH system of the OS, the ticket is created (initial auth request) and the user is logged in.

Your WebApp on the application server could be in another realm, but if there is a relationship between those two realms the user can browse to the WebApp and will be logged in automatically by Kerberos, because he is logged in currently and has a ticket in the TGS.

Great, log in only once and use all applications around.
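The ticket hand-off the answer describes (OS login fills the ticket cache, the web app then accepts a Kerberos service ticket) is what a browser does with SPNEGO; the Java rich client can do the same when it opens the web app link. This is an added example, not code from the answerer or from the question's applications; the JAAS entry name `RichClient`, the host `webapp.example.org` and the URL path are placeholders.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.*;

/** Hypothetical helper: the rich client reuses the OS Kerberos ticket cache and
 *  presents a SPNEGO token to the web app, the same exchange a browser performs.
 *  Assumed JAAS config (-Djava.security.auth.login.config=jaas.conf):
 *    RichClient { com.sun.security.auth.module.Krb5LoginModule required
 *                 useTicketCache=true doNotPrompt=true; };
 */
public class SpnegoClient {
    // SPNEGO mechanism OID (RFC 4178)
    private static final Oid SPNEGO = oid("1.3.6.1.5.5.2");
    // Web app SPN in host-based form "HTTP@host" (placeholder host)
    private static final String SERVICE = "HTTP@webapp.example.org";

    private static Oid oid(String s) {
        try { return new Oid(s); } catch (GSSException e) { throw new IllegalStateException(e); }
    }

    /** Builds the initial SPNEGO token (base64) for the web app's SPN from the cached TGT. */
    static String initialToken(String service) throws GSSException {
        GSSManager manager = GSSManager.getInstance();
        GSSName serverName = manager.createName(service, GSSName.NT_HOSTBASED_SERVICE);
        GSSContext ctx = manager.createContext(serverName, SPNEGO, null, GSSContext.DEFAULT_LIFETIME);
        ctx.requestMutualAuth(true);   // ask the web app to prove its identity as well
        byte[] token = ctx.initSecContext(new byte[0], 0, 0);
        return Base64.getEncoder().encodeToString(token);
    }

    public static void main(String[] args) throws Exception {
        // Credentials come from the OS logon / kinit ticket cache, not from a password prompt.
        LoginContext lc = new LoginContext("RichClient");
        lc.login();
        int status = Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<Integer>) () -> {
            URL url = new URL("https://webapp.example.org/sso");   // placeholder web app link
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setRequestProperty("Authorization", "Negotiate " + initialToken(SERVICE));
            return conn.getResponseCode();   // 200 once the web app has accepted the service ticket
        });
        System.out.println("HTTP status: " + status);
    }
}
```

The web app side must be able to validate the ticket for `HTTP/webapp.example.org` (a keytab for that SPN, with a cross-realm trust if it lives in another realm as the answer notes); on Windows, Java can only read the logon ticket cache when the `AllowTgtSessionKey` LSA registry value is enabled.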

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow