Hello Java Web Application Security Experts,
Can you share your opinions as to what would be a good solution to implement in this scenario:
App Server A runs JBoss 4.x, App Server B runs WebLogic 12.x. There's a Login application (uses JBoss' Login Module to authenticate against LDAP or database depending on the type of user) that authenticates users on A. Upon successful authentication, users are shown a link to access another app (Spring Boot+Spring SAML Extension) that is on B on a different physical server.
Now, the app on B needs to know the logged in user's Principal/Credentials object. What approach would work to share or lookup this data from the app on B, without requiring the user to login again?
Any insights are much appreciated. Thank you.
Aucun commentaire:
Enregistrer un commentaire