Single sign-on tutorial

The aim of this tutorial is to show the basics of delegating the start of any GWC application to another service that handles authentication.

The objectives of this tutorial:
Diagram of the tutorial workflow: (1) the user enters a URL; (2) the service creates a cookie. At the decision point, if the cookie is valid, the service starts the application. If it is not valid or is null, the service displays a login page and the user submits a username and password. If these are valid, the application starts; if they are not valid, the login process repeats.

Figure 1. Single sign-on tutorial workflow

This service should be adaptable for any application.

Important:

This tutorial will help you understand how to handle authentication using a REST service. However, the methods shown demonstrate only basic mechanisms: simple authentication with a user/password hard-coded in your code, plus a cookie mechanism. On production sites, the security should be improved. You will need to apply the recommendations mentioned in the last step of this tutorial.
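
The workflow in Figure 1 can be modelled as a single decision function. The Python sketch below is an added example, not the tutorial's own Genero code: it walks one request through the cookie check and the login decision. The function names, the `user|expiry|mac` cookie format, the key and the 15-minute lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumed values for this sketch; none of them come from the tutorial.
SECRET_KEY = b"constructed-demo-key"    # constructed; keep real keys out of source
DEMO_USERS = {"demo": "demo-password"}  # hard-coded, as in the tutorial's basic mechanism
COOKIE_TTL = 900                        # cookie lifetime in seconds (assumed)


def _sign(payload: str) -> str:
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def make_cookie(user: str, now: float) -> str:
    """Issue 'user|expiry|mac' so tampering and expiry can be detected."""
    payload = f"{user}|{int(now) + COOKIE_TTL}"
    return f"{payload}|{_sign(payload)}"


def cookie_user(cookie, now: float):
    """Return the user for a valid cookie, or None if null, forged or expired."""
    if not cookie or cookie.count("|") != 2:
        return None
    user, expiry, mac = cookie.split("|")
    # Verify the MAC first; only then is the expiry field trustworthy.
    if not hmac.compare_digest(mac.encode(), _sign(f"{user}|{expiry}").encode()):
        return None
    return user if int(expiry) >= now else None


def handle_request(cookie=None, username=None, password=None, now=None):
    """One pass through the workflow; returns (action, cookie_to_set)."""
    now = time.time() if now is None else now
    if cookie_user(cookie, now):
        return "start_application", None   # valid cookie: no login needed
    if username is None:
        return "show_login", None          # null or invalid cookie, nothing submitted
    expected = DEMO_USERS.get(username, "")
    # Constant-time comparison avoids leaking how much of the password matched.
    if expected and hmac.compare_digest((password or "").encode(), expected.encode()):
        return "start_application", make_cookie(username, now)
    return "show_login", None              # bad credentials: repeat the login
```
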