0

I am trying to customize a Java EE web application (developed using velocity) that uses Shibboleth authentication mechanism. However, I have been asked to provide SSO authentication without using sessions. The user signs into one portal and gets authenticated. In the same portal, he clicks the link to another portal. I am supposed to customize it such that authentication can be checked via URL directly. Second portal has its own database that contains user names and their respective roles. The two things I am not sure about are:-

  1. How would the second portal realize if the user signs out of the first portal?

  2. How would the second portal realize if the user has just copied the URL from some previous access to first portal?

Is there any way to get around these problems?

Arjan Tijms
  • 37,782
  • 12
  • 108
  • 140
user1439090
  • 792
  • 5
  • 12
  • 33
  • Why would signing out of the first portal affect being signed into the second? That would be totally counter-intuitive. If you sign out of Hotmail, you don't get signed out of MSN. – Erik Funkenbusch Jun 20 '12 at 04:19
  • If users are using one sign in to access all applications, wouldn't it make sense for them to sign out of everything with one sign out also. Otherwise, there might be possibility of someone else accessing some application that they forgot to sign out of. – user1439090 Jun 20 '12 at 04:37
  • What do you mean when you write "authentication can be checked via URL directly?" – jbindel Jul 14 '12 at 03:12

0 Answers0