RE: SingleSignOn valve enabled by default?

2013-07-23 Thread Martin Gainty 
NO:
 





YES:
 




Martin 
__ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.

 
Date: Fri, 19 Jul 2013 20:16:32 +0800
From: soul2zim...@gmail.com
To: users@tomcat.apache.org
Subject: SingleSignOn valve enabled by default?

 
 
 
Hi all,
 
I have an issue with SSO configuration in tomcat 7.0.42.
 
According to the doc [1],  it requires to enable SSO valve inside
server.xml. However, without making such modification, I deployed two
web-app test.war and test2.war (see attached file). Then, try to login
from /test, after successful login, I don't need to login a second time
for /test2 and can see the secured welcome page directly . That's
strange for me, is the SingleSignOn valve enabled by default in tomcat?
 
FYI, I add following configuration in tomcat-user.xml


 
If it's not a real issue, please point me how that works, and I'd like
to know how could I set the reauthenticate parameter for SSO.
 
[1] http://tomcat.apache.org/tomcat-7.0-doc/config/host.html#Single_Sign_On
 
Thanks & Regards,
 
 
 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SingleSignOn valve enabled by default?

2013-07-19 Thread Konstantin Kolinko 
2013/7/19 Chao Wang :
>
>
>
> Hi all,
>
> I have an issue with SSO configuration in tomcat 7.0.42.
>
> According to the doc [1],  it requires to enable SSO valve inside
> server.xml. However, without making such modification, I deployed two
> web-app test.war and test2.war (see attached file). Then, try to login
> from /test, after successful login, I don't need to login a second time
> for /test2 and can see the secured welcome page directly . That's
> strange for me, is the SingleSignOn valve enabled by default in tomcat?
>
> FYI, I add following configuration in tomcat-user.xml
> 
> 
>
> If it's not a real issue, please point me how that works, and I'd like
> to know how could I set the reauthenticate parameter for SSO.
>
> [1] http://tomcat.apache.org/tomcat-7.0-doc/config/host.html#Single_Sign_On
>
> Thanks & Regards,
>


1. Attachments are not allowed here
http://tomcat.apache.org/lists.html#tomcat-users
-> "7."

2. If you are using BASIC authentication,
then the browser caches the password for this "server+realm name(*)"
combination unless you close the browser window.

(*) realm name = the name as displayed in the authentication prompt.

The browser does not know the structure of your server and where lies
a boundary between different resources on the same server. It is all
the same site and the same realm name, so it reuses the cached
password.


Read more about BASIC authentication.
(Better a RFC document, but a Wikipedia article also should explain the basics).

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org