We use websphere and form-based authentication using LTPA ( ibm specific
technology for single signon ). We are trying to get away from websphere
dependency. One of our requirements is as follows: We have desktop clients
( which we do not control ) that does a url connection to our web app ( 1
) which sends back data and the ltpa token. The desktop app then opens a
browser and sends back the "ltpa token" as a cookie to another web app ( 2
), which has form-based authentication which recognizes the "ltpa token"
and logs the user in ( so no need for another sign in ). I am wondering
if this can be achieved with acegi ?
Desktop App opens URL connection ( not through browser, socket i assume )
to web app 1
web app 1 response header has cookie to identify user/session
Desktop app opens browser with this cookie(s) set and redirects to web app
web app 2 ( form-based auth ) checks the cookies and auto-logs in the user
Enterprise Component Architect
Commerce Insurance Company