tomcat josso

Does JOSSO allow me to log in on one site and be logged in on another automagically?


I thought this was the purpose of the systems that are called Single Sign-On, but I can't achieve this, so I started to doubt whether it is possible.

I have two Tomcat 6 instances, one with the 'gateway' and another with the 'agent' installed, both of JOSSO 1.8.5. No JBoss etc. is present.

I can log in on the agentized Tomcat with credentials that are held in the gateway JOSSO => there is a connection; but I should log in separately on another Tomcat app, and I can provide a different user-password.

The goal is to make the user logged in to all partner apps in all Tomcats that use JOSSO.

My setup was made by reading the following:

http://www.josso.org/confluence/display/JOSSO1/Setup+JOSSO+Agent+(SP)
http://www.josso.org/confluence/display/JOSSO1/Setup+JOSSO+Gateway+(IdP)
http://www.josso.org/confluence/display/JOSSO1/Jossify+your+Spring+application

etc.

Really it works, but it doesn't 'propagate' (not sure of the term) the login to all partner applications.


Solution

  • Yes, this is possible. I implemented the SSO with a central JOSSO gateway hosted on Tomcat and partner application hosted on IIS and another Tomcat instance.

    It was a GWT-P application and we used the spring-security framework, so we basically had to rewrite all the agent logic. However, I assure you that it is possible :)

    It is hard to directly help you, but you can check these scenarios:

    If you can do these basic checks, then you should be really close to finding a solution.