I have three java web (.war) projects with different contexts within the same EAR.
I need the user to authenticate in an application and then I traffic this information between the other projects. Searching a little I found some well-designed approaches like Single Sign On, but I do not know if it is necessary to use something so complex for this type of problem. Home I would like your opinion on what approach to use.
Environment: Applications in JSF using JavaEE and Wildfly server
Do you know how Single Sign On works? I will speak according to the protocols OAuth and SAML, both in version 2.0. Come on, you will have a third person involved, an identity server, the at the time of authentication the user will not inform your credentials to your application but rather to the third party involved (your identity server) The same goes for credentials, did it work? if yes it must generate a token (unique identification key), and return those token to the user, from now whenever you need the user data just send that token to the identity server, ready any application that have that token will receive the user data, in this you ensure that the user enters their credentials only once.
You have a very good product to do this, WSO2 IS of the one researched there. And remember, quality always.
