Single sign-on among several web servers


Web tier: servlets, JSP, Web frameworks: Single sign-on among several web servers

  1. Single sign-on among several web servers (2 messages)


    We have several physical web servers. There are also two virtual hosts on the same physical server, running on different ports.

    We have a "welcome" web application, that is a "router" to other web applications on these web servers so that a user could easily find the necessary application. Not all "directions" are immediatly visible to a "guest" user. To see all the links to all "directions" available to him or her, a user must log in, using a login form. All works well when a user logs in and gets to a web application deployed on the same server.

    However, when an authenticated user follows a link to a restricted application, which is only visible to authorized users, on another physical server, the login page from that server appears again. This means that user has to authenticate himself again...

    So the question is: how, if that is possible, to achieve a single sign on among several web servers, just like it works among serveral web applications on the same virtual host? If this is a non-standard feature, which web servers support it?

    Sergei Batiuk.

    Threaded Messages (2)

  2. Look at products like Siteminder or the SunONE Identity server for SSO between heterogeneous web applications an servlets. The SunONE identity server 6.0 supports SAML 1.0 and the liberty project spec 1.0. Both siteminder and Identity server all have web agents for popular web/application servers. Sun has an open source ref implmentation of liberty called IPL that you may be able to modify. Otherwise, you can do magic with javascript,frames, and cookies to hack a user transparent login solution that works.
  3. Liberty[ Go to top ]

    Have you read about the Liberty Alliance? It's a good way of doing web single sign on. There are a few products avaiable too listed on their site.