Hi Edmund. I am sorry but I don't know much about SSO.
However I can tell you about JAAS in Tomcat. In 5 certainly there are issues. Essentially when you call the LoginModule to invoke your JAAS config it works but it does not authenticate the proper session Subject. What you end up doing (Or what I did) was place a request filter in the app that wraps the request with an overridden RequestWrapper and you write your own inUserInRole against the Subject that the LoginModule returns (By placing it in the session) If you want some code, taken from Wendy Smoak and others I can provide. -----Original Message----- From: Edmund Urbani [mailto:[EMAIL PROTECTED] Sent: 16 August 2005 13:14 To: Tomcat Users List Subject: howto configure JAAS+SSO hello! I'm trying to configure two webapps (slide and jetspeed2) for single-sign-on in the same tomcat instance. Both apps use JAAS and come with their own JAAS login modules. Is it possible to configure these (any?) two apps to share login info with JAAS. I started reading the JAAS docs recently and I tried putting the two login modules into one JAAS login context, but that does not seem to work, because the login module classes won't instantiate properly due to dependencies to their respective webapps. Can SSO be achieved without having the apps share one login context? Will I have to write my own login module(s)? Should I use a (completely) different approach to get SSO? Thanks for any help/advice. Edmund --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]