c12
c12

Reputation: 9827

Spring Security and External Application for Authentication (Single-sign-on)

I have a Spring based application that exposes 3 authentication choices for the user. Form based, Facebook Connect and a single-sign on from an external application. I'm not sure of the proper way to authenticate the last option.

Application A (Spring Security based) Application B (non-spring based legacy app)

Security Flow: -when a secured resource in application A is requested and the user is not authenticated, application A will redirect to application B where the user will be prompted with a login form and flow through application B's security flow. Application B will then do a HTTP POST to application A (via a callback url param sent with initial request) that consists of XML that will be validated in application A for its validity and if it passes the user should be authenticated in application A. What is the best approach for this scenario using Spring Security?

Upvotes: 1

Views: 7217

Answers (1)

Ritesh
Ritesh

Reputation: 7522

Please see Configuring Spring Security 3.x to have multiple entry points. Just like what @limc did in that question, you can build two different tokens and two providers to handle authentication. But I think you will be fine with one provider and in that case you have to pass different details in auth token (because I assume there won't be password in XML) and based on data in details, the provider will authenticate the user (without password).

Upvotes: 2

Related Questions