Implementing SSO in Apache, Jetty or Java Web Service

Hello stackoverflow’ers

we are currently faced with the task to support Single Sign On in our Java based web service.
The setup is like this: Linux server running Apache as a proxy -> Jetty -> Java web service.
All of this in a Windows Domain with Windows workstations as clients accessing the web service through their browser (mainly IE, some firefox).
The SSO will go through the Windows AD DC utilizing Kerberos through SPNEGO.

From what I have gathered it would be possible to implement the SSO either step of the way, in Apache, in Jetty or in the Java Code itself.

What I haven’t been able to figure out so far is which approach makes the most sense in the given environment.

We obviously need to access the REMOTE_USER one way or another later on to perform further authorization in our application, but this is the only real requirement we have.

So what are the actual pro’s and con’s of implementing the SSO / SPNEGO on the Apache level vs. the Jetty level vs. in our own software – if there are any ?

Any help would be greatly appreciated!

Enjoy your day,
Tom


Source: apache

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.