From the jboss-3.2.3 release notes:

The tomcat4.1.x single sign-on behavior has been updated to allow for propagation of the web app security context to the ejb container and other secured resources.

Configuration: In the jbossweb-tomcat41.sar/META-INF/jboss-service.xml file, inside the  element of any virtual hosts for which you want single sign-on support, add a <Valve> element:

    <Valve className="org.jboss.web.tomcat.tc4.authenticator.SingleSignOn" debug="0"/>

The "debug" attribute specifies the detail level of debugging messages created by this component. By default, this is set to zero (0), which means no debug output. A value of two (2) produces a large amount of output, similar to DEBUG or TRACE level logging with Log4j.

Please note the Tomcat SingleSignOn valve stores SSO keys in a map maintained in the local JVM; it is not shared across a cluster. This release does not deal with that limitation; it allows SSO between multiple webapps deployed on one server, but it isn't cluster-aware.

Notes on mixing different authentication schemes in webapps under the same virtual host:

There are some differences between the way this valve works and the way the standard Tomcat valve works in a situation where different webapps under the same virtual host use different authentication schemes. This is because JBoss requires that each request from the user be reauthenticated; therefore when each request comes in, the SingleSignOn valve needs to have available in its cache sufficient security information to reauthenticate the user.

If when accessing a virtual host the user first visits a webapp that uses FORM or BASIC authentication, and then they visit another webapp that requires DIGEST, the cached username/password from the FORM/BASIC authentication will not be sufficient information to do a digest authentication, so the user will be prompted for a digest login. Once a digest login succeeds, the browser automatically sends authentication information with each request, so thereafter the user can switch between DIGEST and FORM/BASIC webapps without issue.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822432#3822432
