One of the implementation for SSO is donewith storing some security token in
cookies.
Like:
1. Login is done in System1, System1 generated some security token and
placed it into cookies
2. User navigated to System2 (JspWiki in our case) - security filter in
System2 analized security token in cookies, and perform (if it is possible)
login with using information in this security token
Spring-Security (for example) has algorithms for SSO implemented.
I'm afraid JspWiki has no SSO implemented out-of-box - but, I may be wrong
2009/5/25 Kinicky <
kinicky@...>
> yes i know about this security issue.
>
> i'm trying to implement SSO with another system and this other system asks
> for the parameters. i can use post to do the SSO but i didnt succeed so i'm
> just trying the GET method now because is more clear and easy to test.
>
> On Mon, May 25, 2009 at 10:24 AM, Andrew Jaquith <
>
andrew.r.jaquith@...
> > wrote:
>
> > This is a very bad idea. Among other things, the GET is likely to be
> > logged, which means the user's password will be exposed and recorded.
> >
> > What are you trying to do?
> >
> > Andrew
> >
> >
> > On May 25, 2009, at 9:19, Kinicky <
kinicky@...> wrote:
> >
> > hi everyone,
> >>
> >> is it possible to login in JSPWiki by passing the parameters in URL?
> >>
> >> i'm tried this: http://
> >> <server>/JSPWiki/Login.jsp?j_username=<username>&j_password=<password>
> >>
> >> tks!
> >>
> >
>
--
With Best Regards,
Alexey Kakunin, EmDev Limited
Professional Software Development:
http://www.emdev.ru
