Hi,
if the LTPA token is accepted by the application server, and you have
enabled application security, and your application has configured JEE
security constraints (via web.xml) you can use spring security in JEE
pre-authentication scenario (described here:
http://static.springframework.org/spring-security/site/reference/html/preauth.html).
zoran
On Fri, Mar 27, 2009 at 1:08 PM, psri...@commerceinsurance.com wrote:
Hi,
We use websphere and form-based authentication using LTPA ( ibm specific
technology for single signon ). We are trying to get away from websphere
dependency. One of our requirements is as follows: We have desktop clients (
which we do not control ) that does a url connection to our web app ( 1 )
which sends back data and the ltpa token. The desktop app then opens a
browser and sends back the ltpa token as a cookie to another web app ( 2
), which has form-based authentication which recognizes the ltpa token and
logs the user in ( so no need for another sign in ). I am wondering if this
can be achieved with acegi ?
Desktop App opens URL connection ( not through browser, socket i assume ) to
web app 1
web app 1 response header has cookie to identify user/session
Desktop app opens browser with this cookie(s) set and redirects to web app 2
web app 2 ( form-based auth ) checks the cookies and auto-logs in the user
Thanks
Pady
Pady Srinivasan
Enterprise Component Architect
Commerce Insurance Company
Phone: 508-949-4254
--
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
--
Human by day user by night
--
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer