Single Sign On (SSO) is a specialized form of user authentication that enables a user to be authenticated once, and gain access to resources on multiple systems/web applications during that session.

The benefits of using Single Sign On across your federation of web applications consist of:

  • Helps consolidate silos of identity stores that have cropped up over time with multiple web applications.
  • Improves user account provisioning process dramatically.
  • Provides a better end user experience using web SSO.
  • Improves efficiency when integrating user access to new applications including 3rd party ASP services like
  • Enables secure intra-company access to applications between enterprises and their partners, suppliers, and customer organizations.

Feature Summary

  • End-to-End secure cross domain/cross organization Single Sign On/Single Sign Out using industry standards like SAML
  • A more practical de-centralized approach to SSO as compared to the more limiting hub and spoke architecture.
  • Pluggable Identity Connector Framework to connect to custom Identity Storage systems like (JDBC databases etc). Includes a standard LDAP based Identity Connector. Successfully tested for Red Hat Directory Server, OpenLDAP, and OpenDS.
  • A clean separation between framework and application authentication. Supports both standard JAAS based authentication mechanism as well as custom authentication mechanisms such as (Struts actions, Servlet Filters,JSF Actions, Plain Servlets etc)
  • Seamless Integration with JBoss Portal. Work in progress for the JBoss SEAM Framework integration.


The JBoss SSO Framework is a collection of components that software developers can easily integrate within their existing web applications to create a federation of trusted web sites. The framework has support for important SSO standards such as SAML. The system consists of the following components:

Federation Server A Federation Server is used for securely propagating the Federation Token across web applications located in different security domains
Token Marshalling Framework This is a flexible/pluggable Java API to marshal/unmarshal a Federation Token. The system ships with a SAML-compliant Marshaller
Identity Connector Framework This is a flexible/pluggable Java API to connect to central identity stores. The system ships with a Provider to connect to LDAP based Identity Stores

The Project


  • JBoss Federated SSO CR1 Released. Details