we are currently faced with the task to support Single Sign On in our Java based web service.
The setup is like this: Linux server running Apache as a proxy -> Jetty -> Java web service.
All of this in a Windows Domain with Windows workstations as clients accessing the web service through their browser (mainly IE, some firefox).
The SSO will go through the Windows AD DC utilizing Kerberos through SPNEGO.
From what I have gathered it would be possible to implement the SSO either step of the way, in Apache, in Jetty or in the Java Code itself.
What I haven’t been able to figure out so far is which approach makes the most sense in the given environment.
We obviously need to access the REMOTE_USER one way or another later on to perform further authorization in our application, but this is the only real requirement we have.
So what are the actual pro’s and con’s of implementing the SSO / SPNEGO on the Apache level vs. the Jetty level vs. in our own software – if there are any ?
Any help would be greatly appreciated!
Enjoy your day,