http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23881

           Summary: SingleSignOn and FormAuthenticator in embedded tomcat
           Product: Tomcat 4
           Version: 4.0 Beta 1
          Platform: All
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]

SingleSignOn valve and FormAuthenticator fail to authenticate correctly when Tomcat works as an embedded engine using a JAAS realm (JBoss). SingleSignOn code wrongly sets the principal inside the request based on the cookie, and FormAuthenticator just thinks everything is ok. In fact FormAuthenticator has to call authenticate again using the 'username' and 'password' stored inside the entry for that ssoId (value of the cookie).

One way to fix it is to set only the request REQ_SSOID_NOTE (not the principal too) inside the SingleSignOn valve. FormAuthenticator has to make a SingleSignOn lookup, retrieve the username and password and call authenticate. This should happen after checking (unsuccessfully) the credentials stored inside the session.

This kind of fix made it work for me, although the code is still somewhat not optimal (associate is called way too often, and the same for register, which will reset the cookie).
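
A minimal Java model of the flow the report proposes, added here as an illustration and not Tomcat's or the reporter's code: the valve records only the SSO id as a request note, and the authenticator re-authenticates against the realm with the credentials cached for that id. Every class and method name except `REQ_SSOID_NOTE` is a hypothetical stand-in, and the sample data is constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model; every type here is a hypothetical stand-in, not Tomcat or JBoss code.
public class SsoReauthSketch {
    static final String REQ_SSOID_NOTE = "REQ_SSOID_NOTE"; // note name taken from the report
    record SsoEntry(String username, String password) {}
    interface Realm { String authenticate(String user, String password); } // null means rejected

    static class Request {
        final Map<String, Object> notes = new HashMap<>();
        String ssoCookie;        // SSO id sent by the browser
        String sessionPrincipal; // principal already cached in the session, if any
        String principal;        // identity the container will act on
    }

    static final Map<String, SsoEntry> SSO_CACHE = new HashMap<>();

    // Valve: record the SSO id as a note only; the cookie alone sets no principal.
    static void ssoValve(Request req) {
        if (req.ssoCookie != null && SSO_CACHE.containsKey(req.ssoCookie)) {
            req.notes.put(REQ_SSOID_NOTE, req.ssoCookie);
        }
    }

    // Authenticator: try the session first, then re-authenticate through the realm.
    static boolean formAuthenticate(Request req, Realm realm) {
        if (req.sessionPrincipal != null) { req.principal = req.sessionPrincipal; return true; }
        String ssoId = (String) req.notes.get(REQ_SSOID_NOTE);
        SsoEntry entry = (ssoId == null) ? null : SSO_CACHE.get(ssoId);
        if (entry == null) return false; // no usable SSO entry: caller shows the login form
        String p = realm.authenticate(entry.username(), entry.password());
        if (p == null) { SSO_CACHE.remove(ssoId); return false; } // this sketch's choice: drop stale entry
        req.principal = p;
        return true;
    }

    public static void main(String[] args) {
        SSO_CACHE.put("sso-1", new SsoEntry("alice", "constructed-pw")); // constructed sample data
        Realm realm = (u, pw) -> "alice".equals(u) && "constructed-pw".equals(pw) ? u : null;
        Request req = new Request();
        req.ssoCookie = "sso-1";
        ssoValve(req);
        System.out.println("principal after valve: " + req.principal);
        System.out.println("re-authenticated: " + formAuthenticate(req, realm) + " as " + req.principal);
        Request stale = new Request();
        stale.ssoCookie = "sso-1";
        ssoValve(stale);
        System.out.println("rejecting realm: " + formAuthenticate(stale, (u, pw) -> null));
    }
}
```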