I have 3 webapps each running on different domains under CORS-enabled Tomcat 7 distribution. How do I use CORS to authenticate a user on all 3 domain without having to type their {username,password} 3 times?
Currently the user has to retype their credentials 3 times for data to appear from each of the 3 domains.
I have read through this post , but it seems like this person is authenticating to only 1 domain (bavarians).
it is not really possible to share the authentication between sites on different domains that are using basic authentication directly, there may be some tricks if they are sub-domains see:
Another alternative would be to switch to federation by using a Security Token Service. Then the users would be redirected to the STS for the first domain they hit and need to log in, then if they go to another domain it would redirect to the STS again but no login would be needed as long as the session had not expired.
