Web Start/JNLP in a Single-Sign On environment
- From: "Steve A" <steve.albin@xxxxxxxxx>
- Date: 3 Jan 2007 13:24:21 -0800
Hello,
I'm deploying a Swing application using Web Start in a single-sign on
environment. (In my particular case I'm using JOSSO and Tomcat). When a
user is authenticated a SSO session ID cookie is created. Therefore I
can protect the URL to the JSP that generates the JNLP file. The
problem I'm having is that when javaws attempts to download the
application jar files, it fails because the web server redirects the
HTTP GET to a login page. The reason is that I'm not using basic
authentication and so the security agent on the web server is expecting
to find the SSO session ID cookie with the HTTP request. Javaws doesn't
have this cookie so the HTTP GET returns the HTML of the login page,
not the JAR file itself and the application fails to launch.
I've searched through Sun's forums on the topic and found only
solutions using basic authentication. Another approach is to put the
JAR files in a non-secure location so that no authentication is
required to download them.
I don't have the option of using different implementations of javaws.
The application must be launched by clicking a link in a browser. There
is no offline allowed and I don't include the href attribute in the
JNLP file.
Has anyone deployed a web start app in a SSO environment and if so,
how? Or is it not possible?
Thank you,
Steve A.
.
- Prev by Date: Re: Axis2 WSDL2Java
- Next by Date: FileOutputStream append issue
- Previous by thread: Re: Axis2 WSDL2Java
- Next by thread: FileOutputStream append issue
- Index(es):
Relevant Pages
|
