Jason Harrop wrote:
> Hi
>
> I'm using the TC4 sources from cvs from Feb 17 (well after the last
> commit to org.apache.catalina.authenticator.SingleSignOn), with SlideRealm.
>
> I had been using three different webapps; each web.xml file had
> identical realm name, as in:
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>myRealm</realm-name>
>
> Without the SingleSignOn valve, this worked well; well, subject to a
> problem with Internet Explorer which i'm asking about in a separate post.
>
> Because of that problem with Internet Explorer, i tried single sign on
> support instead. However, it doesn't appear to work, in that I get an
> authentication challenge for each new realm (when i give the realm in
> each webapp a different name), and the logs always say "Checking for SSO
> cookie - SSO cookie is not present", as in:
>
> 2001-03-02 00:28:50 StandardHost[localhost]: Mapping request URI
> '/TestDrive-webdav/'
> 2001-03-02 00:28:50 StandardHost[localhost]: Trying the longest
> context path prefix
> 2001-03-02 00:28:50 StandardHost[localhost]: Mapped to context
> '/TestDrive-webdav'
> 2001-03-02 00:28:56 SingleSignOn[localhost]: Process request for
> '/TestDrive-webdav/'
> 2001-03-02 00:28:56 SingleSignOn[localhost]: Checking for SSO cookie
> 2001-03-02 00:28:56 SingleSignOn[localhost]: SSO cookie is not present
>
> i have turned on user cookie approval in the browser, and the only
> cookie which is getting set is the JSESSIONID cookie.
>
> Am i doing something which is obviously wrong? I've got the valve at the
> Host level.
>
There is an (undocumented) restriction in the current implementation when using
BASIC or DIGEST authentication with single sign on support -- the value you
specify for <realm> in the security constraints needs to be the same for all of
the webapps that are participating in the single sign on environment. This is
probably a bug (most of my development work was on using form-based login with
this), but it should work if you use the same realm string.
>
> thanks
>
> Jason
Craig
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
