We have an application on some fincance package. We need to implement a Single Sign-On so that the logged in user can directly logged into another web based application. Can anybody explain how this can be implemented? In our application e-Mail Id is the primary key.
Cookie based single sign on sounds good - but what do you do in case of protocols / devices which do not support cookies? Or completly independet servers?
In these cases you may achieve Single Sign On by implementing your own session management on top of the http session management of your servlet/jsp container. That way you can join requests even with different protocols(e.g. wml & soap calls) to one session and add for instance security on top of that (session ids which lead to one super session but are valid for one specific server only).
The tricky part is a clustered environment where you have to implement your own distributed session management.
We implemented it and it really works like a charm, even for clustered environments.
Thanks for th reply. Also can you please clarify me the following?
We have an application running on iPlanet Application Server 6.0. We use servlet session management apart from our own management. I would like to know what is the restriction on the number of sessions that an iPlanet App Server can create, provided there are ideal conditions like there are no lengthy processes by a single user. Is there any such restriction on the number of sessions that an app server can create?
Well, as far I can tell there are certain issues with sessions you need to be aware of:
Sessions require memory. As more attributes you put into as more memory you need.
Use a good sized session invalidation time to avoid additional overhead.
In a clustered environment you need distributed sessions, which adds network communication between your cluster nodes. Most HTTP Session are distributed to all nodes, you may alter that behaviour with your own session management.
Do we have any tool for testing the load and performance of the system?