I thought this was the purpose of the systems that are called Single Sign On, but I can't achieve this, so I started to doubt if it is possible.
I have two Tomcats 6, one with 'gateway', another with 'agent' installed, of Josso 1.8.5. No JBOSS etc is present.
I can log in on the agentized tomcat with credentials that are held in the gateway Josso => there is a connection; but I should log in separately on another tomcat app, and I can provide different user-password.
The goal is to make the user be logged in in all partner apps in all tomcats that use Josso.
My set up was made reading the following:
http://www.josso.org/confluence/display/JOSSO1/Setup+JOSSO+Agent+(SP)
http://www.josso.org/confluence/display/JOSSO1/Setup+JOSSO+Gateway+(IdP)
http://www.josso.org/confluence/display/JOSSO1/Jossify+your+Spring+application
etc.
Really it works, but doesn't 'propagate' (not sure of the term) login to all partner applications.
Yes this is possible. I implemented the SSO with a central JOSSO gateway hosted on tomcat and partner application hosted on IIS and other tomcat instance.
It was a GWT-P application and we used the spring-security framework, so we basically had to rewrite all the agent logic, however, I assure you that it is possible :)
It is hard to directly help you, but you can check these scenarios:
assertion_id
in the josso server log
If you can do these basic checks, then you should be really close to finding a solution.