I don't want to waste too much of anyone's time but before I spend weeks trying to set this configuration up I was wondering if I could describe my configuration idea and if I could get a yes it's possible, no it's not possible, or this configuration idea is dumb response from someone who knows. :) If I get a yes I would really appreciate some quick pointers to help get me started down the correct track.
Configuration: I have several JBoss 3.2.x Servers NOT clustered together that run different web applications. They all can have a unified authentication and authorization system so I was thinking SSO would work well for them all. I need form based authentication and I would like to be able to eventually provide authentications services to the same system for things such as Web Services too though that would be down the road. I believe I will also need to integrate with JAAS so I can do things such as propagate security information to EJB calls as well. So this is what I was thinking I might be able to do: 1. Implement authentication and authorization into CAS. 2. Configure all the servers with the JBossAcegiLoginModule to authenticate requests through CAS. (don't know if this is possible) 3. Utilize Acegi's AuthenticationProcessingFilter so that I don't have to use J2EE standard form authentication yet configure it in such a way that it utilizes JAAS to authenticate so that J2EE security features can be used such as propagation of security information to local and remote EJB calls and so that standard J2EE security features work (ie. getCallerPrincipal(), getRemoteUser(), etc.). 4. Then, hopefully because of using CAS and Acegi if the user were to browse to one of the other servers/web applications then I would like it for the user to not have to authenticate again. Would something similar to that work? Or is there some kind of other configuration I could put together to provide the desired functionality? The requirements basically are, integrate CAS SSO to JAAS and use Acegi's web based authentication filters for features things such as defaultTargetUrl. I hope this made sense. I appreciate any feedback I get. Regards, Mike --- [This E-mail scanned for viruses by Declude Virus] ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer