0

I have existing struts web application with Single Sign On. Then I'm going to create a different web application using spring framework. Then want to use the logged in user from struts app to link with new spring app.

Problem: I don't have any idea on how to automatically log in the logged user from struts app to my spring app.

Any guidance is appreciated.

Updates 1: the physical servers are located in the same place but it owns by two different company. However, we are connected and we called it as extranet. Its just like an intranet but in a wider range or network.

Updates 2: I have to add concerning the domain setup. http://www.abc.xxx1.ne.jp/ is the struts web app. http://server1.abc.apac.yyy1/springwebapp/ is the spring web app. It will be cross domain. I've heard from @edwardw that I need to choose federation approach. Any guidance on how to deal with the said approach are highly appreciated.

eros
  • 4,946
  • 18
  • 53
  • 78
  • Have a look at the links in answer. http://stackoverflow.com/questions/6340466/single-signon-spring/6340625#6340625 – Simeon Dec 13 '11 at 08:34

1 Answers1

1

It depends on whether two web applications of yours reside in the same domain or not.

  • If yes, then you can use cookie based solution. Your current SSO server must have supported that out of the box. Check its document.

  • If not, then it is far more complicated. Check your SSO server's document for identity federation and/or federated authentication.

And you may also find this SO question helpful.

Community
  • 1
  • 1
edwardw
  • 12,652
  • 3
  • 40
  • 51
  • What do you mean by the same domain? I have added infra info. Would you check it out. – eros Dec 13 '11 at 11:33
  • 1
    If two web apps are ```mail.abc.com``` and ```cal.abc.com```, then same domain. If ```abc.com``` and ```xyz.com```, then cross-domain. The physical location of servers don't matter. Cookie, which is simple, can't work cross-domain. If cross-domain, you need to investigate identity federation feature (e.g., SAML or OpenID) of your SSO server. – edwardw Dec 13 '11 at 12:01
  • Got it. I appreciate. I'll confirm it as soon as possible. – eros Dec 13 '11 at 23:50
  • i got the url pattern. `http://www.abc.xxx1.ne.jp/` is the struts web app. `http://server1.abc.apac.yyy1/springwebapp/` is the spring web app. is it on the same domain? – eros Dec 14 '11 at 05:13
  • 1
    'apac.yyy1', are you sure? If yes, then cross-domain. – edwardw Dec 14 '11 at 05:25
  • yes it is. so it is a cross-domain. I have to check FEDERATION though I don't have any idea of what it is. any guidance is appreciated. – eros Dec 14 '11 at 06:06
  • It is a complicated topic worth its own book. Good luck and I'd start with SSO server's document if I were you. – edwardw Dec 14 '11 at 06:15