tomcat-dev mailing list archives

From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: [TC4] SingleSignOnSupport broken?
Date Thu, 01 Mar 2001 16:34:41 GMT
Jason Harrop wrote:

> Hi
>
> I'm using the TC4 sources from cvs from Feb 17 (well after the last
> commit to org.apache.catalina.authenticator.SingleSignOn), with SlideRealm.
>
> I had been using three different webapps; each web.xml file had
> identical realm name, as in:
>
>     <login-config>
>       <auth-method>BASIC</auth-method>
>       <realm-name>myRealm</realm-name>
>     </login-config>
>
> Without the SingleSignOn valve, this worked well; well, subject to a
> problem with Internet Explorer which I'm asking about in a separate post.
>
> Because of that problem with Internet Explorer, I tried single sign on
> support instead.  However, it doesn't appear to work, in that I get an
> authentication challenge for each new realm (when I give the realm in
> each webapp a different name), and the logs always say "Checking for SSO
> cookie - SSO cookie is not present", as in:
>
> 2001-03-02 00:28:50 StandardHost[localhost]: Mapping request URI
> '/TestDrive-webdav/'
> 2001-03-02 00:28:50 StandardHost[localhost]:   Trying the longest
> context path prefix
> 2001-03-02 00:28:50 StandardHost[localhost]:  Mapped to context
> '/TestDrive-webdav'
> 2001-03-02 00:28:56 SingleSignOn[localhost]: Process request for
> '/TestDrive-webdav/'
> 2001-03-02 00:28:56 SingleSignOn[localhost]:  Checking for SSO cookie
> 2001-03-02 00:28:56 SingleSignOn[localhost]:  SSO cookie is not present
>
> I have turned on user cookie approval in the browser, and the only
> cookie which is getting set is the JSESSIONID cookie.
>
> Am I doing something which is obviously wrong? I've got the valve at the
> Host level.
>

There is an (undocumented) restriction in the current implementation when using
BASIC or DIGEST authentication with single sign on support -- the value you
specify for <realm> in the security constraints needs to be the same for all of
the webapps that are participating in the single sign on environment.  This is
probably a bug (most of my development work was on using form-based login with
this), but it should work if you use the same realm string.

>
> thanks
>
> Jason

Craig
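
Added example, not part of the original message and not Tomcat code: a deploy-time check for the restriction described in the reply above. It parses each webapp's web.xml and reports when webapps using BASIC or DIGEST authentication under one SingleSignOn host declare different `<realm-name>` values. The descriptors and the webapp names `app-b`, `app-c` and `app-form` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample descriptors (not taken from the original post).
SAMPLE_WEBAPPS = {
    "TestDrive-webdav": "<web-app><login-config><auth-method>BASIC</auth-method>"
                        "<realm-name>myRealm</realm-name></login-config></web-app>",
    "app-b": "<web-app><login-config><auth-method>DIGEST</auth-method>"
             "<realm-name>myRealm</realm-name></login-config></web-app>",
    "app-c": "<web-app><login-config><auth-method>BASIC</auth-method>"
             "<realm-name>otherRealm</realm-name></login-config></web-app>",
    # Namespaced descriptor using form login: not subject to the restriction.
    "app-form": '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><login-config>'
                "<auth-method>FORM</auth-method></login-config></web-app>",
}


def local(tag):
    """Strip an XML namespace prefix such as '{uri}login-config'."""
    return tag.rsplit("}", 1)[-1]


def login_config(web_xml):
    """Return (auth_method, realm_name) from a web.xml string, or (None, None)."""
    root = ET.fromstring(web_xml)
    for el in root.iter():
        if local(el.tag) == "login-config":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            return fields.get("auth-method"), fields.get("realm-name")
    return None, None


def realm_mismatches(webapps):
    """Map realm name -> webapps for BASIC/DIGEST apps; empty dict if all agree."""
    by_realm = defaultdict(list)
    for name, web_xml in webapps.items():
        method, realm = login_config(web_xml)
        if method and method.upper() in ("BASIC", "DIGEST"):
            by_realm[realm or ""].append(name)  # "" marks a missing realm-name
    return dict(by_realm) if len(by_realm) > 1 else {}


if __name__ == "__main__":
    for realm, apps in realm_mismatches(SAMPLE_WEBAPPS).items():
        print(f"realm-name {realm!r}: {', '.join(apps)}")
```
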