Symantec Access Management

Expand all | Collapse all

SSO with webstart application

Jump to Best Answer
  • 1.  SSO with webstart application

    Posted 10-08-2017 08:26 AM

    Is there a way to integrate siteminder SSO with webstart application using cookies ?



  • 2.  Re: SSO with webstart application

    Posted 10-08-2017 11:50 PM

    How about putting CA Access Gateway in front of the web start app? 

    You can then perform sso at the proxy level, rather than doing it at the app server (web start app ) side..



  • 3.  Re: SSO with webstart application

    Posted 10-12-2017 12:42 AM

    Thank you very much for your advise.



  • 4.  Re: SSO with webstart application
    Best Answer

    Broadcom Employee
    Posted 10-12-2017 12:13 AM

    Hi Arjuna

     

    Unfortunately, I don't think it is going to work. the way you want it to.

     

    The webstart app is different to applets, applets tended to run in the browser and inherit the browser context including the page website, session details and cookie values - so although applets can still cause trouble, they can run on a browser in a SSO session context.

     

    Protecting the webstart app

    Webstart apps, after the initial install, tend to be stored in the Java deployment cache on the local machine and then run independently of the browser.

     

    So any SSO protection of the webstart app will be difficult, you should be able to protect the initial .jnlp access via the browser, and that would ensure you have valid SMSESSION cookie - but that is only on the initial download. 

     

    Subsequent running of the webstart app usually is from the java cache rather than downloaded.  Java can be set to check the server for updates, but there is no mechanism for this internal check to navigate an SSO protection scheme.

     

    Protecting access from a webstart app

    However, if you mean you are running the webstart app, and it makes calls to a remote webserver, and you want those requests protected by SSO, say for REST/SOAP calls, then that is possible but you would need to customize your java code to recognize a failure, such as a 401 and be able to popup a dialog to prompt for UN/PW to response with Basic credentials in the request.

     

     

    Cheers - Mark

    ----
    Mark O'Donohue
    Snr Principal Support Engineer - Global Customer Success



  • 5.  Re: SSO with webstart application

    Posted 10-12-2017 12:46 AM

    Thank you very much for your quick support. I'll considar using REST call to identify valid SMSESSION