>- With FORM authentication, the browser does NOT know that authentication
>has been requested - it simply serves the login form like any other. That
>means that it cannot re-send the login information for you. It is also my
>belief that the session information (in which the authentication
>information is stored on the server side) cannot be shared between
>different apps /web-apps. (The "shared" option refers to sharing session
>information between sites that serve the SAME web-app.) This means that
>users will have to log-on to every app individually.

According to the spec, "Web Single Signon" as specified in the J2EE 
blueprints, Page 3-13.  It requires that the same login session represents a 
user to all the applications that they access.  Can this be done for a 
single web-site/multiple applications.....instead of multiple web-sites and 
applications?  I thought servers are required to support this.

>- Also note that usernames and passwords do not HAVE to be supplied in the
>principals.xml file. The Orion team has supplied methods to obtain them
>from a database or from some other system via entity beans. Check the
>different user managers for these features.
>I hope this helps. Since it may be of interest to others I have copied it
>to a few other groups. Hope you don't mind.

I've noticed these classes, but have no idea how to use them.....is there 
documentation I don't know about?  Or should I just know from reading the 
spec?  Most of the spec/blueprints is just theory w/some xml config.....can 
you write the steps, including modifications to all XML files..and how to 
use the UserManagers?

I'm really frustrated right now trying to get all my sites to work with a 
single login and not making the user have to log in over and over.....

David

