Cookie single sign-on in Java

I keep getting this question from my manager: how will SSO work if the client disables cookies? I do not have an answer. We are currently using JOSSO for single sign-on. We have some kind of open source environment that supports single sign-on without using a cookie mechanism.

+4
2 answers

In the absence of cookies, you will need to insert some parameter into each request URL. For example, after login you assign an arbitrary identifier to the user and insert it into each link, e.g. http://mydomain.com/main?sessionid=123422234235235. This can get pretty dirty, as each link needs to be fixed before it leaves the door, which will slow down your content. It also has security, logging, and session history consequences that are not such a huge deal when the state is in a cookie.

It may be easier to run a simple cookie test for registered users and send them to an error page if they do not have cookies.

+2

The CAS project transfers the "ticket" from the sign-on server to the consuming application as a URL request parameter; the consuming application then sends a request back to the sign-on server for ticket validation. This negates the need for cookies and therefore works across domains, however it's a bit "chatty".

Another, perhaps more reliable, solution is to use a SAML-based product, which is the industry standard for single sign-on to a single domain. There are a couple of open source products that use SAML, and CAS itself has a SAML extension, but they are usually quite complicated to configure. Cloudseal is also SAML-based and much easier to use. The Cloudseal platform itself is delivered as a managed service, but all client libraries are open source.

Of course, with all these solutions you simply transfer the security context from one server to another; the consuming application will no doubt create its own local session, so you will need to use URL rewriting instead of cookies.

Disclaimer: I work for Cloudseal :)

+2
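The ticket hand-off described in the second answer, followed by the URL-rewritten local session from the first, as an added Java example that is not part of either answer or of CAS, JOSSO or Cloudseal. The class names, the `ST-` ticket prefix, the 60-second ticket lifetime and the `https://app.example/main` service URL are assumptions; the two parties run in one process here instead of over HTTP.

```java
import java.util.*;
// Added example, not code from the question or the answers: an in-process model of the
// CAS-style ticket hand-off followed by a cookieless local session. Names are illustrative.
public class CookielessSso {
    static final java.security.SecureRandom RNG = new java.security.SecureRandom();
    static String token(String prefix) { // unguessable id: a session id in a URL is only as safe as its randomness
        byte[] b = new byte[24];
        RNG.nextBytes(b);
        return prefix + Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    /** Sign-on server: issues single-use, short-lived service tickets bound to one service URL. */
    static class SignOnServer {
        private final Map<String, String[]> tickets = new HashMap<>(); // ticket -> {user, service, expiry ms}
        String issueTicket(String user, String service) {
            String t = token("ST-");
            tickets.put(t, new String[] {user, service, Long.toString(System.currentTimeMillis() + 60_000)});
            return t;
        }
        /** Returns the user, or null if the ticket is unknown, replayed, expired or bound to another service. */
        String validate(String ticket, String service) {
            String[] rec = tickets.remove(ticket); // remove first: a ticket is redeemable exactly once
            if (rec == null || !rec[1].equals(service)) return null;
            return System.currentTimeMillis() > Long.parseLong(rec[2]) ? null : rec[0];
        }
    }
    /** Consuming application: redeems the ticket it received as ?ticket=ST-..., then keeps its own local session. */
    static class ConsumerApp {
        private final SignOnServer sso; private final String service;
        private final Map<String, String> sessions = new HashMap<>(); // local session id -> user
        ConsumerApp(SignOnServer sso, String service) { this.sso = sso; this.service = service; }
        String login(String ticketParam) {
            String user = sso.validate(ticketParam, service); // call back to the sign-on server
            if (user == null) throw new SecurityException("ticket rejected");
            String sid = token("");
            sessions.put(sid, user);
            return sid;
        }
        /** Cookieless link rewriting; in a servlet, HttpServletResponse.encodeURL does this for you. */
        String encodeUrl(String path, String sid) { return path + ";jsessionid=" + sid; }
        String userFor(String sid) { return sessions.get(sid); }
    }
    public static void main(String[] args) {
        SignOnServer sso = new SignOnServer();
        ConsumerApp app = new ConsumerApp(sso, "https://app.example/main");
        String ticket = sso.issueTicket("alice", "https://app.example/main");
        String sid = app.login(ticket);
        System.out.println(app.encodeUrl("/main", sid) + " -> " + app.userFor(sid));
        System.out.println("replayed ticket accepted: " + (sso.validate(ticket, "https://app.example/main") != null));
    }
}
```

The second validate call models an attacker replaying a ticket lifted from a log or Referer header, which is the main risk of carrying state in the URL; single use, short expiry and binding to the service are the checks that keep that window small.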
