Does JOSSO allow me log in on one site and be logged in on another automagically?

Question

I thought this is a purpose of the systems that are called Single Sigh On, but I can't achieve this so started to doubt if it is possible.

I have two Tomcats 6, one with 'gateway', another with 'agent' installed, of Josso 1.8.5. No JBOSS etc is present.

I can login on agentized tomcat with credentals that are held in the gateway Josso => there is connection; but I should log in separately on another tomcat app, and I can provide different user-password.

The goal is make the user be logged in in all partner apps in all tomcats that use Josso.

My set up was made reading the following:

http://www.josso.org/confluence/display/JOSSO1/Setup+JOSSO+Agent+(SP)
http://www.josso.org/confluence/display/JOSSO1/Setup+JOSSO+Gateway+(IdP)
http://www.josso.org/confluence/display/JOSSO1/Jossify+your+Spring+application

etc.

Really it works, but doesn't 'propagate' (not sure of the term) login to all partner applications

Answer 1

Yes this is possible. I implemented the SSO with a central JOSSO gateway hosted on tomcat and partner application hosted on IIS and other tomcat instance.

It was a GWT-P application and we used spring-security framework, so we basically had to rewrite all the agent logic, however, I assure you that it is possible :)

It is hard to directly help you, but you can check these scenarii:

• When not logged in, each partner application redirect you to login page with the correct URL. It should look like: https://josso_server_url/josso/signon/login.do?josso_back_to=https://partner_app/check_page_url&josso_partnerapp_host=partner_app&josso_partnerapp_ctx=partner_app/original_request
• Once you log in, for each application you should see the request that check the assertion_id in the josso server log

If you can do this basic checks, then you should be really close to find a solution.