How about embedding the the user ID and password in the URL, but encrypting it? Many encrypting algorithms return binary data which would not be suitable. I handle that by converting binary to base 64. It's still strong encryption. Your application on the other end would obviously need to know how to decode it.

----- Original Message -----
From: "Holm, Paul" <pholm@xxxxxxxxxxxxxxxxx>
To: web400@xxxxxxxxxxxx
Sent: Thursday, April 19, 2012 11:41 AM
Subject: [WEB400] Single Signon With Different Web Servers

We have a customer with an existing customer portal solution.  Customer
signs in with account number and password to a JBOSS server.  This allows
customer to see their account data and other customer information.  We
plan to deploy on a new application to a different Tomcat server within the
same network.  Customer requires a single signon amongst the 2
applications.  IE...  After signing on the 1st JBOSS application, they want
to present a link to the new application but don't want to  make customer
enter account number and password again.  The new application needs access
to the account number and password in order to lookup customer equipment
and account information.  We obviously need to make sure it is secure and
don't want to pass account numbers and passwords on a URL.  We do plan to
use SSL.

We are looking for ideas on how to best enable this requirement.

Thanks  Paul Holm

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.