Friday, December 18, 2009


JOSSO, CAS and openSSO are famous Java Single Sign-On in the open source world. The following are some comments on JOSSO and CAS.

  • Architecture is simple to install. Security filtering is inside war file.
  • Only work with SSL.
  • Easily integrate in Spring security.
CAS + Spring Security integration guide

Architecture is hard to deploy. It consists of gateway and agent. Gateway is the project of SSO/login module. Agent need to be installed in all servers for security filtering. Thus, it tights the configuration to server and bunch of xml files in lib folder of tomcat. The security is configure in the server and not within the project. Even thought installation script is provided but it is just for all(agent, gateway,project) in one server. I got no idea how the configuration should be if more than one server is using...

JOSSO + Acegi integration
Look like outdated because have not upgraded to spring security.