Hello everyone,

My question might seem stupid, but I want to check if this is the intended way to go.

I have a main web application secured using Shiro. I also have a third-party web application which allows me to implement my own authentication class. The idea is to link from the first application into the third-party one. Since I do not want the user to log on twice, I would simply pass the UsernamePasswordToken together with the username via URL (HTTPS).

In order to check if the user is allowed to use the third-party application, I would then check via SOAP web services with the main application if the user is currently authenticated. To have an authorized answer I would also provide a hashed shared secret which is checked in the reply again.

Is this something I should do? Is there a better way to provide some sort of SSO?

Thank you very much for your ideas and help,
Chris
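The reply check described in the post, sketched as an added example that is not part of the original message or of Shiro: the third-party application accepts the main application's "is this user authenticated" answer only if a keyed hash over that answer verifies. Assumptions: HMAC-SHA256 stands in for the "hashed shared-secret", the third-party side sends a fresh nonce with each query, the SOAP transport is left out, and every class, method and field name is hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration; class, method and field names are hypothetical.
public class AuthStatusReplyCheck {

    // HMAC-SHA256 over the fields of the reply, keyed with the shared secret.
    static byte[] tag(byte[] secret, String nonce, String user, boolean authenticated) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        // Length-prefix each field so different field splits cannot yield the same input.
        String msg = nonce.length() + ":" + nonce + user.length() + ":" + user + authenticated;
        return mac.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    // Main application side: answer the status query and tag the answer.
    static String[] mainAppReply(byte[] secret, String nonce, String user, boolean authenticated) throws Exception {
        String t = Base64.getEncoder().encodeToString(tag(secret, nonce, user, authenticated));
        return new String[] { user, Boolean.toString(authenticated), t };
    }

    // Third-party side: accept only a reply whose tag matches the nonce that was sent.
    static boolean accept(byte[] secret, String sentNonce, String expectedUser, String[] reply) throws Exception {
        if (!expectedUser.equals(reply[0])) return false;
        boolean authenticated = Boolean.parseBoolean(reply[1]);
        byte[] expected = tag(secret, sentNonce, reply[0], authenticated);
        byte[] got;
        try { got = Base64.getDecoder().decode(reply[2]); } catch (IllegalArgumentException e) { return false; }
        // Constant-time comparison of the two tags.
        return MessageDigest.isEqual(expected, got) && authenticated;
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8); // constructed sample value
        byte[] n = new byte[16];
        new SecureRandom().nextBytes(n);
        String nonce = Base64.getEncoder().encodeToString(n);

        String[] reply = mainAppReply(secret, nonce, "chris", true);
        System.out.println("genuine reply accepted:  " + accept(secret, nonce, "chris", reply));
        // The same reply checked against the nonce of a different query.
        System.out.println("replayed reply accepted: " + accept(secret, "other-nonce", "chris", reply));
        // "authenticated" flipped to true while keeping the tag issued for false.
        String[] flipped = { "chris", "true", mainAppReply(secret, nonce, "chris", false)[2] };
        System.out.println("tampered reply accepted: " + accept(secret, nonce, "chris", flipped));
    }
}
```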
