tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mariano López <marianolopezd...@gmail.com>
Subject Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
Date Fri, 11 Jun 2010 11:22:48 GMT
After debugging my apps I notice that all session context all correctly
invalidated except one context.

I have made test with four context, three of them are correctly invalidated
and just one remains the user's session.

I don't understand what is happened with this case.

Best regards,

Mariano

2010/6/11 Mariano López <marianolopezdiaz@gmail.com>

> I just tried requireReauthentication in SingleSignOn valve and always
> drives me to login page, so with this does not work.
>
> Best regards,
>
> Mariano
>
>
> ---------- Forwarded message ----------
> From: Pid <pid@pidster.com>
> Date: 2010/6/10
> Subject: Re: How to finalize all sessions in a server with SingleSignOn
> valve activated ?
> To: Tomcat Users List <users@tomcat.apache.org>
>
>
> On 10/06/2010 09:05, Mariano López wrote:
> > According to
> >
> http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
> >
> > *As soon as the user logs out of one web application (for example, by
> > invalidating the corresponding session if form based login is used), the
> > user's sessions in *all* web applications will be invalidated. Any
> > subsequent attempt to access a protected resource in any application
> > will require the user to authenticate himself or herself again.*
>
> Yes, I know what it says, and it works for me - but I'm not using a
> custom JAAS setup.
>
> > This is just what i need, i suppose that this is a bug.
>
> The point I was making was that I wasn't sure if custom JAAS
> automatically worked with the SSO valve, although my gut feeling is that
> it should.
>
> Maybe one of the devs will have something to say.
>
> Did you try setting "requireReauthentication"?
>
>
> p
>
> > I will search in bug database for this problem.
> >
> > Thank you very much for your help,
> >
> > Mariano
> >
> > 2010/6/9 Pid <pid@pidster.com <mailto:pid@pidster.com>>
> >
> >     On 09/06/2010 11:58, Mariano López wrote:
> >     > Yes, all of the apps are in the same Host.
> >     >
> >     > Here is my server.xml file:
> >
> >
> >     >     <Engine name="Catalina" defaultHost="localhost">
> >     >
> >     >       <Realm className="org.apache.catalina.realm.JAASRealm"
> >     >              resourceName="jdbc/ds_usuarios_jaas_Local"
> >     >              appName="Usuarios"
> >     >
> >     >
> >
> userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
> >     >
> >     >
> >
> roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
> >     >
> >     >       <Host name="localhost"  appBase="webapps"
> >     >             unpackWARs="true" autoDeploy="false"
> >     >             xmlValidation="false" xmlNamespaceAware="false">
> >     >
> >     >         <Valve
> >     className="org.apache.catalina.authenticator.SingleSignOn" />
> >     >
> >     >
> >     >       </Host>
> >
> >     I don't know if the SSO valve makes any guarantees about working with
> >     custom JAASRealm's.
> >
> >     Try setting "requireReauthentication" to true.
> >
> >     http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#SingleSign On
> >     Valve
> >
> >
> >     p
> >
> >
> >
> >
> >
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message