Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Message-ID: <3A9EE9FB.8060602@bigpond.net.au>
Date: Fri, 02 Mar 2001 11:31:55 +1100
From: Jason Harrop <jharrop@bigpond.net.au>
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.13 i686; en-US; 0.7) Gecko/20010119
MIME-Version: 1.0
To: tomcat-dev@jakarta.apache.org
Subject: Re: [TC4] SingleSignOnSupport broken?
References: <3A9E54D6.3000109@bigpond.net.au> <3A9E7A21.97C237D2@eng.sun.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Craig R. McClanahan wrote:


> There is an (undocumented) restriction in the current implementation when using
> BASIC or DIGEST authentication with single sign on support -- the value you
> specify for <realm> in the security constraints needs to be the same for all of
> the webapps that are participating in the single sign on environment.  This is
> probably a bug (most of my development work was on using form-based login with
> this), but it should work if you use the same realm string.
> 

Craig, I did try it with identical <realm-name> in each web.xml file, 
before trying it with different ones.

If the realm names are identical, and i just use http basic 
authentication (which i do), what role would single sign on support 
play? I don't understand why it is needed at all - shouldn't the browser 
just send the authentication information to TC after receiving the 401 
with a WWW-Authenticate header?

thanks

Jason