Frederic Kam-Thong wrote:
> The J2EE spec makes it clear that single sign-on for web-based applications
> should be supported (J2EE spec, section 3.4.1.1). The specification says:
> "It must be possible for one login session to span more than one
> application, allowing a user to log in once and access multiple
> applications."
>
> Is single sign-on supported by Tomcat 3.21?
>
Not in the sense that the spec talks about. You can share a "realm" of users
and passwords across webapps in Tomcat 3.2.1, but you have to authenticate
yourself to each webapp individually.
Tomcat 4.0 supports the single signon feature (within a virtual host), as
follows: the first time you access a protected resource, you are asked to
authenticate yourself. Now, you can go access protected pages in all the other
related webapps without having to sign in again.
>
> Frederic Kam-Thong
>
Craig McClanahan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]