One of the implementation for SSO is donewith storing some security token in cookies.
Like: 1. Login is done in System1, System1 generated some security token and placed it into cookies 2. User navigated to System2 (JspWiki in our case) - security filter in System2 analized security token in cookies, and perform (if it is possible) login with using information in this security token Spring-Security (for example) has algorithms for SSO implemented. I'm afraid JspWiki has no SSO implemented out-of-box - but, I may be wrong 2009/5/25 Kinicky <[email protected]> > yes i know about this security issue. > > i'm trying to implement SSO with another system and this other system asks > for the parameters. i can use post to do the SSO but i didnt succeed so i'm > just trying the GET method now because is more clear and easy to test. > > On Mon, May 25, 2009 at 10:24 AM, Andrew Jaquith < > [email protected] > > wrote: > > > This is a very bad idea. Among other things, the GET is likely to be > > logged, which means the user's password will be exposed and recorded. > > > > What are you trying to do? > > > > Andrew > > > > > > On May 25, 2009, at 9:19, Kinicky <[email protected]> wrote: > > > > hi everyone, > >> > >> is it possible to login in JSPWiki by passing the parameters in URL? > >> > >> i'm tried this: http:// > >> <server>/JSPWiki/Login.jsp?j_username=<username>&j_password=<password> > >> > >> tks! > >> > > > -- With Best Regards, Alexey Kakunin, EmDev Limited Professional Software Development: http://www.emdev.ru
