Target

I have 2 webapps (in the future there can be more) on the company server. The user accounts of the first are different from those of the second webapp, but I can define a mapping between them.

My aim is to allow the user to log in only once and gain access to both webapps. The solution is obviously single sign-on. I need an SSO webapp, and the other webapps must rely on it to authenticate users. I think I'll follow this good pattern.

I work on Tomcat 7.0.

Users and mapping

  • Users for webapp1 are in a DB.
  • Users for webapp2 should come from a mapping of the former ones.

E.g. user 'Alice' in webapp1 corresponds to user 'Lisa' in webapp2; so the SSO should tell webapp1 that the user who has just logged in is 'Alice', and tell webapp2 that it is 'Lisa'.

Question

Is it better to write my own home-made SSO webapp, or is there any useful open source webapp, ready to use (perhaps with a little customization), that can do SSO?

I also read about SAML, but I can't figure out whether it's worth implementing such a protocol for my use case.

Thanks!

bluish

2 Answers

Use Tomcat Authentication. It includes a set of authentication modules and can be configured to allow access to configured websites. For more details see here.

nfechner
  • Interesting, thanks! Do you know if I can also configure a mapping? See my edit, please. – bluish Apr 20 '11 at 13:15
  • Do you have influence over the two webapps? Might different roles be sufficient? Otherwise I don't think that you can solve this with simple configuration. Although you might try implementing a Realm for your special needs. A quick Google search gave me [this article](http://www.christianschenk.org/blog/setup-your-own-tomcat-security-realm/), which looks promising. – nfechner Apr 20 '11 at 20:42
  • Thank you again! Unfortunately I have no control over the usernames for webapp2. In webapp2 the username and password are used to connect to a DMS. Though this would be a good solution in a standard case, I guess. +1 – bluish Apr 21 '11 at 06:39
In the end I realized it's better to build a home-made solution, even if you have to pay attention to security, because the task is not so hard and it's so difficult to find something that suits my simple case without the overhead of too many features.

bluish
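Added example (not code from the question, the answers, or Tomcat itself): the signed assertion a home-made SSO webapp, as chosen in the answer above, could hand to each relying webapp, carrying the mapped identity the question describes (Alice for webapp1, Lisa for webapp2). It shows the checks a relying app has to do before trusting the name: verify the signature with its own key, confirm the token was issued for it, and reject expired tokens. The mapping table, the webapp names, the per-application secrets and the five-minute lifetime are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed sample data, not from the original post: the account known to the
# SSO app (the webapp1 DB user) and its mapped name in each relying webapp.
USER_MAP = {
    "Alice": {"webapp1": "Alice", "webapp2": "Lisa"},
}

# One secret per relying webapp (assumed values). Separate keys mean a token
# minted for webapp1 can never verify at webapp2, and a compromise of one app
# does not let it forge logins for the other. Load these from configuration.
APP_SECRETS = {
    "webapp1": b"webapp1-key-replace-with-32-random-bytes",
    "webapp2": b"webapp2-key-replace-with-32-random-bytes",
}

TOKEN_TTL = 300  # seconds a token stays valid after issue (assumed)


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes, audience: str) -> bytes:
    return hmac.new(APP_SECRETS[audience], payload, hashlib.sha256).digest()


def issue_token(sso_user: str, audience: str, now: Optional[int] = None) -> str:
    """Called by the SSO webapp after it has authenticated sso_user against its DB.

    The token names the user as the target webapp knows them ("Lisa" for
    webapp2), is bound to that audience, and expires after TOKEN_TTL seconds.
    """
    now = int(time.time()) if now is None else now
    local_name = USER_MAP[sso_user][audience]   # KeyError: no mapping for this app
    claims = {
        "sub": local_name,
        "aud": audience,
        "iat": now,
        "exp": now + TOKEN_TTL,
        "jti": secrets.token_hex(8),           # unique id so an app can reject replays
    }
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    return _b64e(payload) + "." + _b64e(_sign(payload, audience))


def verify_token(token: str, my_audience: str, now: Optional[int] = None) -> str:
    """Called by a relying webapp. Returns the local username or raises ValueError."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _b64d(payload_b64)
        sig = _b64d(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Check the signature with this app's own key before trusting any claim,
    # and compare in constant time so timing does not leak the expected MAC.
    if not hmac.compare_digest(sig, _sign(payload, my_audience)):
        raise ValueError("bad signature")
    claims = json.loads(payload)
    if claims.get("aud") != my_audience:
        raise ValueError("token issued for another application")
    if not (claims["iat"] <= now < claims["exp"]):
        raise ValueError("token expired or not yet valid")
    return claims["sub"]


if __name__ == "__main__":
    t = issue_token("Alice", "webapp2")
    print("webapp2 sees user:", verify_token(t, "webapp2"))
```

In the flow from the question, the SSO app would redirect the browser to the webapp with this token (over HTTPS only, since anyone holding it is that user for five minutes); the webapp verifies it, creates its own session and discards the token. Remembering recent `jti` values until they expire closes the replay window, and the webapp1/webapp2 names are exactly the audience binding that SAML's `Audience` element standardizes, so this is the part SAML would buy you if the mapping ever had to cross organizations.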