Using Fediz to SSO between two WARs deployed in the same Tomcat Instance

Using Fediz to SSO between two WARs deployed in the same Tomcat Instance

Anand Tandon
Hello,

I want to validate if Fediz-based SAML SSO can be used for the following
use-case.

I have two WAR files deployed in the same Tomcat instance. I'm using
Forgerock OpenAM as IdP. 1st WAR file provides browser based UI and hence
can support interactive login. 2nd WAR provides REST API interface and
hence does not support interactive login. 1st WAR uses data returned from
2nd WAR via REST interface to display in home page.

Can Fediz be used so that the REST call from 1st WAR's UI (embedded
JavaScript) to 2nd WAR doesn't need to re-authenticate with IdP? I have
gotten the 1st WAR (the UI app) working with Fediz and OpenAM.

Thanks,
Anand

Re: Using Fediz to SSO between two WARs deployed in the same Tomcat Instance

coheigea
Administrator
Hi Anand,

Yes I believe this should work. In your "fediz_config.xml", only have value
of your UI war name matching the value here for "name":  "<contextConfig
name="/fedizhelloworld">".

Colm.

On Fri, May 15, 2020 at 9:31 PM Anand Tandon <[hidden email]> wrote:

> Hello,
>
> I want to validate if Fediz-based SAML SSO can be used for the following
> use-case.
>
> I have two WAR files deployed in the same Tomcat instance. I'm using
> Forgerock OpenAM as IdP. 1st WAR file provides browser based UI and hence
> can support interactive login. 2nd WAR provides REST API interface and
> hence does not support interactive login. 1st WAR uses data returned from
> 2nd WAR via REST interface to display in home page.
>
> Can Fediz be used so that the REST call from 1st WAR's UI (embedded
> JavaScript) to 2nd WAR doesn't need to re-authenticate with IdP? I have
> gotten the 1st WAR (the UI app) working with Fediz and OpenAM.
>
> Thanks,
> Anand
>