0

I am a bit confused implementing SSO with RESTful API. So far, I have used RESTful API to authenticate and get a token-id.

How should SSO can be implemented? To get a token validated, it must be saved somewhere as a cookie or something. Is there any way to do this?

APerson
  • 8,140
  • 8
  • 35
  • 49
nebula
  • 3,932
  • 13
  • 53
  • 82

1 Answers1

0

I you want to do SSO yourself you have to mimic OpenAM's SSO session tracking mechanism which uses cookies.

Bernhard Thalmayr
  • 2,674
  • 1
  • 11
  • 7
  • I want to use RESTful API for SSO implementation. Do we have to implement SSO ourselves using RESTful API? or there are other ways for SSO implementation using RESTful API? – nebula Feb 13 '13 at 11:15
  • You should probably provide an actual use-case of what you want to achieve. In general SSO is only useful if there is a user-agent (browser) making requests across multiple different sites. If that's the case then you ought to track the user's requests somehow, possibly with a cookie. Now you can only do SSO if this cookie is being shared across applications, otherwise you may as well end up having to implement your proprietary CDSSO solution. It all depends on how your RESTful APIs are interacting with each other I'd say. – Peter Major Jul 01 '13 at 10:43