Search This Blog

Thursday 20 March 2014

My own primitive Single Sign On - Last Lap

In our previous post we saw how PlatformApp1 was able to read the cookie created by AuthPlatform. The PlatformApp1 verifies with the AuthPlatform if this cookie is valid (maybe through shared data or a simple REST API exposed by AuthPlatform) and accordingly lets the user proceed.
Now we have a authenticated user who decides he wants to use PlatformApp2. The same logic works.
Here too when the first request was made for a page:

as seen here the browser sent details of the root level cookie (The one that belongs to AuthPlatform).
PlatformApp2 verifies if this session is valid and is true allows the user to view the page.
And..........
Thus we have Single Sign On.

What about Logout ??
Well for logout from any application, we need to void both sessions  - the PlatformApp from which user asked to logout and also the AuthPlatform.
With the AuthPlatform session gone, now no PlatformApp will work. (Just like in Google - sign out of one application(say Gmail) means you are signed out of all apps).
(I used a little AJAX to get this done- not my best use of AJAX)

What about inactive sessions ?
I used the standard approach to keeping sessions alive. A keep alive hit to both servers every few minutes to avoid inactive timeout. AJAX again.
The AuthPlatform cookie exists  for a long time, the PlatformApp cookies are invalidated once the browser window/tab is closed.

Thus we were able to achieve SSO using just JSP and Servlets. Nothing complex. No third party tools etc. Obviously there will be shortcomings to this primitive approach. The most obvious one being the cookie and path fiddling needs to be done.To make the communication between web apps easy I used cross context access - means all webapps need to be in the same context. (Of course this issue can be easily sorted out).
I have uploaded the code for the above work on my GIT account - https://github.com/RobinVJ/SimplySSO/ (Branch V1)
Feel free to download and test out. All comments and feedback are welcome - as always.

No comments:

Post a Comment