tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mariano López <marianolopezd...@gmail.com>
Subject Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
Date Thu, 10 Jun 2010 08:05:50 GMT
According to
http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On

*As soon as the user logs out of one web application (for example, by
invalidating the corresponding session if form based login is used), the
user's sessions in all web applications will be invalidated. Any subsequent
attempt to access a protected resource in any application will require the
user to authenticate himself or herself again.*

This is just what i need, i suppose that this is a bug.

I will search in bug database for this problem.

Thank you very much for your help,

Mariano

2010/6/9 Pid <pid@pidster.com>

> On 09/06/2010 11:58, Mariano López wrote:
> > Yes, all of the apps are in the same Host.
> >
> > Here is my server.xml file:
>
>
> >     <Engine name="Catalina" defaultHost="localhost">
> >
> >       <Realm className="org.apache.catalina.realm.JAASRealm"
> >              resourceName="jdbc/ds_usuarios_jaas_Local"
> >              appName="Usuarios"
> >
> > userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
> >
> >
> roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
> >
> >       <Host name="localhost"  appBase="webapps"
> >             unpackWARs="true" autoDeploy="false"
> >             xmlValidation="false" xmlNamespaceAware="false">
> >
> >         <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> />
> >
> >
> >       </Host>
>
> I don't know if the SSO valve makes any guarantees about working with
> custom JAASRealm's.
>
> Try setting "requireReauthentication" to true.
>
> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Single Sign On
> Valve
>
>
> p
>
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message