I am trying to understand what is needed to implement single signon and identified access across our organization. From what I can specify a user identity through JGSS so that user/password are not needed. I am in the process of setting up Kerberos (MIT doesn't really make installing their implementation easy for outsiders) and hope to do some real testing soon.

Has anyone implemented this with Hibernate and if you have can you outline the process? On the surface, it would appear that I can use Kerberos directly for iSeries (DB2, Telnet, etc) and Windows access. JGSS provides similar support for Java. I am not sure if this will help us against Oracle but it seems likely.

My goal is to identify users across systems and securely share authentication. A bonus would be to map user rights across those systems and enterprise identity mapping (EIM) seems like it might be useful. Has anyone been down that road?

Thanks,

David Morris

Not quite what you are asking, but I just read an article that shows some actual Java code for using GSS. Perhaps it will be of some help to you:

http://www-106.ibm.com/developerworks/l ... ca=dnt-436

This subject is of interested to me as well. I'm not quite sure what you're asking w/regards to Hibernate though. I see Hibernate as only partially related to the single-signon issue; that is, in a SS scenario, you very often end up with user authentication and some user data coming from the SS source, but local applicaiton specific user data accessed with something like Hibernate, and this user needs to be mapped to and considered the same user as the authenticated user from the SS source...

Regards,
Colin