Implementing SSO with SAML and JBoss

I want to implement SSO with SAML tokens in JBossAS.

The scenario is as follows.

1. I have 2 applications app1 and app2 running on 2 JBoss instances.
2. Login into app1 and enter username / password using form based auth.
3. Once login, click on the link that should be redirected to the app2 page.
4. This should use SSO with SAML tokens on JBossAS for authentication and authorization of users.

Can anyone let me k开发者_运维问答now how to do this?

I just now found your question and noticed it is still not answered. You can take a look at JBoss picketlink. Said page describes the federation support in JBoss 5+ and Tomcat 5.5+.

Supported protocols are SAML2, WS-Trust and Open ID.

Since SAML2 users Assertion after authentication, using pure SAML2 on both apps would require you to register both apps as Service Providers - I believe.

I did a workaround using JBoss/Tomcat SSO valves: My (Seam) app 1 uses SAML2 for authentication and my other apps simply reuses that Principal (username, roles) created in the first app. I believe this corresponds to your situation. Log in at app 1, security constraint in app2, no log in in app2.

I had to create a custom valve to achieve this https://github.com/jensaug/jbossweb-customsso

/Jens