tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Harrop <>
Subject Re: [TC4] SingleSignOnSupport broken?
Date Fri, 02 Mar 2001 00:31:55 GMT
Craig R. McClanahan wrote:

> There is an (undocumented) restriction in the current implementation when using
> BASIC or DIGEST authentication with single sign on support -- the value you
> specify for <realm> in the security constraints needs to be the same for all of
> the webapps that are participating in the single sign on environment.  This is
> probably a bug (most of my development work was on using form-based login with
> this), but it should work if you use the same realm string.

Craig, I did try it with identical <realm-name> in each web.xml file, 
before trying it with different ones.

If the realm names are identical, and i just use http basic 
authentication (which i do), what role would single sign on support 
play? I don't understand why it is needed at all - shouldn't the browser 
just send the authentication information to TC after receiving the 401 
with a WWW-Authenticate header?



View raw message