This is a special mechanism of user authentication that enables a user to be authenticated once, and gain access to resources on multiple systems/web applications during that session.
SSO's (Single Sign On) main components are include an Identity Connector Framework, Token Marshalling Framework and a Federation Server.
Here are some key features of "JBoss SSO":
- Frontend Features:
- End-to-End secure cross domain/cross organization Single Sign On/Single Sign Out using industry standards like SAML
- A more practical de-centralized approach to SSO as compared to the more limiting hub and spoke architecture.
- Pluggable Identity Connector Framework to connect to custom Identity Storage systems like (JDBC databases etc). Includes a standard LDAP based Identity Connector. Successfully tested for Red Hat Directory Server, OpenLDAP, and OpenDS.
- A clean separation between framework and application authentication. Supports both standard JAAS based authentication mechanism as well as custom authentication mechanisms such as (Struts actions, Servlet Filters,JSF Actions, Plain Servlets etc)
- Seamless Integration with JBoss Portal. Work in progress for the JBoss SEAM Framework integration.
- Helps consolidate silos of identity stores that have cropped up over time with multiple web applications.
- Improves user account provisioning process dramatically.
- Provides a better end user experience using web SSO.
- Improves efficiency when integrating user access to new applications including 3rd party ASP services like SalesForce.com.
- Enables secure intra-company access to applications between enterprises and their partners, suppliers, and customer organizations.
- [JBSSO-20] - There is a bug related to Browser based POST for Federation
- [JBSSO-21] - Looks like it has issues with JDK4
- [JBSSO-23] - ClassCast Exception in LoginContext
- Feature Request:
- [JBSSO-18] - Remove the cross domain linking annoyance
- [JBSSO-27] - Integrate a DemoLoginProvider to be used as default configuration