I did more research and it seems that on windows, using the Microsoft Security Support Provider Interface, I could achieve a single sign-on mechanism transparently using NTLM (Windows NT domain) or Kerberos (Windows 2000/2003 domain).
But (of course there is a but), the authentication mechanism involves multiple client/server exchanges (the client and the server are going through a specific dialog before the server can trust the client). The real question is if JBossSX provides enough extension points to plug such mechanism, especially if it involves multiple client/server exchange before the authentication is really done, which means that both server and client side must be extended. Actually, it is equivalent as trying to plug the Java GSS-API (the java version of the Microsoft SSPI) as part of the JBossSX client/server authentication process. As anyone already thought about doing something like that? Does it make sense? Thomas View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856351#3856351 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3856351 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user