Does JOSSO allow me to log in on one site and be logged in on another automagically?
Question
I thought this is the purpose of the systems that are called Single Sign On, but I can't achieve this, so I started to doubt if it is possible.
I have two Tomcats 6, one with 'gateway', another with 'agent' installed, of Josso 1.8.5. No JBOSS etc is present.
I can log in on the agentized Tomcat with credentials that are held in the gateway JOSSO => there is a connection; but I have to log in separately on another Tomcat app, and I can provide a different user and password.
The goal is to make the user be logged in to all partner apps in all Tomcats that use JOSSO.
My set up was made reading the following:
http://www.josso.org/confluence/display/JOSSO1/Setup+JOSSO+Agent+(SP)
http://www.josso.org/confluence/display/JOSSO1/Setup+JOSSO+Gateway+(IdP)
http://www.josso.org/confluence/display/JOSSO1/Jossify+your+Spring+application
etc.
It really works, but it doesn't 'propagate' (not sure of the term) the login to all partner applications.
Solution
Yes this is possible. I implemented the SSO with a central JOSSO gateway hosted on tomcat and partner application hosted on IIS and other tomcat instance.
It was a GWT-P application and we used the spring-security framework, so we basically had to rewrite all the agent logic, however, I assure you that it is possible :)
It is hard to directly help you, but you can check these scenarios:
- When not logged in, each partner application redirects you to the login page with the correct URL. It should look like: https://josso_server_url/josso/signon/login.do?josso_back_to=https://partner_app/check_page_url&josso_partnerapp_host=partner_app&josso_partnerapp_ctx=partner_app/original_request
- Once you log in, for each application you should see the request that checks the assertion_id in the JOSSO server log
If you can do these basic checks, then you should be really close to finding a solution.
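The first check above can be scripted. The following is an added example, not part of the original answer or of JOSSO: it parses the login redirect captured from each partner application, verifies the three query parameters shown in the URL above, and compares the gateway origin across applications, since a browser only sends the gateway's session cookie back to the host that set it. Host names and sample URLs are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Query parameters named in the example login URL above.
REQUIRED = ("josso_back_to", "josso_partnerapp_host", "josso_partnerapp_ctx")

# Constructed sample Location headers (hypothetical hosts), one per partner app.
SAMPLE = {
    "app1": "https://sso.example.test/josso/signon/login.do?josso_back_to=https://app1.example.test/check_page_url&josso_partnerapp_host=app1.example.test&josso_partnerapp_ctx=/app1",
    "app2": "https://localhost:8443/josso/signon/login.do?josso_back_to=https://app2.example.test/check_page_url&josso_partnerapp_host=app2.example.test",
}

def check_login_redirect(location):
    """Parse one login redirect; return (gateway origin, list of problems)."""
    parts = urlsplit(location)
    query = parse_qs(parts.query)
    problems = []
    if not parts.path.endswith("/signon/login.do"):
        problems.append("not the gateway login page: " + parts.path)
    for name in REQUIRED:
        if name not in query:
            problems.append("missing parameter " + name)
    back_to = query.get("josso_back_to", [""])[0]
    partner = query.get("josso_partnerapp_host", [""])[0]
    # Assumption taken from the URL shape above: the return URL lives on the partner host.
    if back_to and partner and urlsplit(back_to).netloc != partner:
        problems.append("josso_back_to host does not match josso_partnerapp_host")
    return f"{parts.scheme}://{parts.netloc}", problems

def compare_partners(redirects):
    """redirects maps app name to its Location header; returns {app: problems}."""
    report, origins = {}, {}
    for app, location in redirects.items():
        origins[app], report[app] = check_login_redirect(location)
    # Different gateway origins mean separate gateway cookies, so no shared session.
    if len(set(origins.values())) > 1:
        for app in report:
            report[app].append("gateway origin differs between apps: " + origins[app])
    return report

if __name__ == "__main__":
    for app, problems in compare_partners(SAMPLE).items():
        print(app, problems or "ok")
```

The Location values can be taken from the browser's network tab or from `curl -sI` against a protected page of each application while logged out.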