That is exactly what we do for single sign-on. It seems to satisfy even the most security conscious/paranoid of clients we have. Usually sent as post data rather than on the URL as a get though.

On 20 Apr 2012, at 01:59, "Nathan Andelin" <nandelin@xxxxxxxxx> wrote:

Paul,

How about embedding the the user ID and password in the URL, but encrypting it? Many encrypting algorithms return binary data which would not be suitable. I handle that by converting binary to base 64. It's still strong encryption. Your application on the other end would obviously need to know how to decode it.



----- Original Message -----
From: "Holm, Paul" <pholm@xxxxxxxxxxxxxxxxx>
To: web400@xxxxxxxxxxxx
Cc:
Sent: Thursday, April 19, 2012 11:41 AM
Subject: [WEB400] Single Signon With Different Web Servers

We have a customer with an existing customer portal solution. Customer
signs in with account number and password to a JBOSS server. This allows
customer to see their account data and other customer information. We
plan to deploy on a new application to a different Tomcat server within the
same network. Customer requires a single signon amongst the 2
applications. IE... After signing on the 1st JBOSS application, they want
to present a link to the new application but don't want to make customer
enter account number and password again. The new application needs access
to the account number and password in order to lookup customer equipment
and account information. We obviously need to make sure it is secure and
don't want to pass account numbers and passwords on a URL. We do plan to
use SSL.

We are looking for ideas on how to best enable this requirement.

Thanks Paul Holm

www.planetjavainc.com
--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.
--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.


NOTICE: The information in this electronic mail transmission is intended by CoralTree Systems Ltd for the use of the named individuals or entity to which it is directed and may contain information that is privileged or otherwise confidential. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email or by telephone, so that the sender's address records can be corrected.



--------------------------------------------------------------------------------


CoralTree Systems Limited
25 Barnes Wallis Road
Segensworth East, Fareham
PO15 5TT

Company Registration Number 5021022.
Registered Office:
12-14 Carlton Place
Southampton, UK
SO15 2EA
VAT Registration Number 834 1020 74.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.