
List:       forgerock-openam
Subject:    [Openam] Auto sign in the other OpenAM server
From:       kalinchih () gmail ! com (=?Big5?B?psCzzbVZL0thbGluIENoaWg=?=)
Date:       2010-11-19 19:02:25
Message-ID: AANLkTimF51GoeRQ5nhcgds0iA5cn8UL02=xHUjhJDqco () mail ! gmail ! com

Hi,

My company has 2 business units and they have different customers.
So we decide to host 2 IdPs for the 2 business units.

However, a group of customers are shared by the 2 business units.
And both sides have the account mapping table.
So if an account exists in the account mapping table (customer in both
sides), is it possible that when the user has signed in to an IdP, this IdP
will auto sign in to the other IdP?

I assume this is an SP-initiated SSO and will indicate that we want to send
the authentication request to the IdP.
After the IdP authentication, the IdP will check the account mapping table.
If the account does not exist in the account mapping table, the IdP (IdP A)
will return to the SP.
If the account exists in the account mapping table, the IdP (IdP A) will
play an SP role to auto sign in to the other IdP (IdP B).

I know it's a very complex scenario.
Is it possible to use OpenAM/OpenSSO to implement this scenario?

I appreciate any feedback and advice.

Kalin