During testing of logout from SingleSignOn, I discovered that the logout
failed because when using CLIENT-CERT SSLAuthenticator.java authenticate
method never associate the session with SingleSignOn. I wonder those who
have access to Source could pls fix SSLAuthenticator.java. TIA.
Kar
PS Here are the bit of codes in FormAuthenticator.java I think should also
be in SSLAuthenticator.java
// Have we already authenticated someone?
Principal principal = hreq.getUserPrincipal();
if (principal != null) {
if (debug >= 1)
log("Already authenticated '" +
principal.getName() + "'");
String ssoId = (String)
request.getNote(Constants.REQ_SSOID_NOTE);
if (ssoId != null)
associate(ssoId, getSession(request, true));
return (true);
}
