How to Implement SSO on existing tomcat web application
I have a tomcat 7 setup with oldApp.war and newApp.war deployed on it. Both the applications share the same login credentials for users on the database.
I can access the apps using https://localhost/oldApp and https:localhost/newApp respectively.
My oldApp is a Spring MVC java application and when the user is logged into the oldApp I want to have a link which will take the user into the newApp without asking for the login credentials.
I want to know how to implement SSO to do this. I preferably don't want to run any external service to handle this.
Thanks in advance.
Answer
Update: Its 2018 and the below info is out of date. If you’re starting a new application then use a federated identity protocol like Open ID Connect and you’ll get SSO for free.
There are a few approaches you could take:
- You could use Tomcat for authentication and use Tomcat's single sign on capabilities. If you're currently using Spring to authenticate the user you may need to change some things. Also, depending on how you're doing authentication, Tomcat's authentication may not be configurable enough.
- You could setup a third, CAS, servlet (or something similar), which both web applications authenticate against.
- You could set this up yourself using Spring and pre-authenticated filters. You would basically have to write your own pre-authenticated filter which checked some location that both servlets had access to (database?, shared context?) for existing credentials before falling back to old authentication methods. You'll want to make sure to clear this authentication in a filter somewhere so the next request doesn't get to automatically inherit the previous requests credentials.