Current setup:
- We have two web apps (App1 and App2).
- App1 doesn't make use of any authentication since it is purely informational.
- App2 uses an API for authentication (API connects to a server somewhere to authenticate user)
- Application Server used: Websphere 8
Problem:
- Need to implement SSO for App1 and App2. I understand that to be able to implement SSO in Websphere, applications must use Java EE security for authentication. Is it still possible to implement this for app2 when it has its own custom authentication process? in order to implement SSO for both Apps
Thanks,
let's make it clear a bit. You say that App1 is not secured at all and App2 is secured by some custom authentication process. Right?
Well then for App2 -> App1 redirection you don't need any SSO since App1 is not secured. And for App1 -> App2 redirection any SSO cannot be implemented, since App1 has no security context to pass.
If App1 was secured as well (by whatever means, HttpAuth basic for instance - can be completely different authentication method, than App2 uses), AND both apps are running on IBM environment (WAS for instance), LTPA SSO is used: