Re: Multiple Virtual Hosts Single Sign On

Tue, 28 Jan 2003 16:13:38 -0800

Hm, you might be right on that - I've never actually done it. If you have a single <Host> defined in Tomcat, and enable single-signon, you'll get back a JSESSIONSSOID cookie. I would <i>think</i> that Tomcat could handle that in any context within the <Host>, but again, I haven't tested it.

Lajos


Victor Soares wrote:
Lajos,
Yes, the 3 sites are going to be on the same box and apache is sitting in front.

I haven't tried this, so correct me if I'm wrong... but from what I understand, even if I JkMount directories within the virtual hosts to the same Tomcat instance, the session will not span all 3 hosts. The session is tied to a cookie that is only valid to the host that issued it. i.e. I'd get a session cookie from www.ci.tigard.or.us and it would only be valid within www.ci.tigard.or.us.

thanks,
- victor



[EMAIL PROTECTED] 01/28/03 03:58PM >>>



Victor -



If you are talking about across different Tomcat instances no, there is 
not (unless you want to write your own realm). If you have three virtual 
hosts on the same server, the Tomcat SSO solution will support that. Are 
you fronting Tomcat with Apache? 'Cause what you could do is have the 
three virtual hosts defined in Apache and have individual JkMount 
commands to make the correct context(s) avialable to each host. Just a 
thought.



Regards,



Lajos





Victor Soares wrote:




Hello,

I have dug through the tomcat-user archives and have seen this question come up several times, but there was no concrete solution so I'll bring it up again.



For an upcoming project, I am going to have 3 websites. ex:

library.ci.tigard.or.us

police.ci.tigard.or.us

www.ci.tigard.or.us 


Each website will have some features that require a login. It would be logical to have the same username and password for all 3 and even more logical for the user to only have to authenticate once for all 3 and have his/her session data maintained and available to all 3.



Is there a single sign on solution that would provide that capability?



This concept of single sign on should not be confused with Tomcat's SSO. Tomcat's SSO only provides SSO for different contexts within one virtual host. This is more of a SSO solution along the lines of the .net passport.



Any help would be much appreciated.



Thanks,

- Victor Soares





---------------------------------------------------------------------

To unsubscribe, e-mail: [EMAIL PROTECTED] 
For additional commands, e-mail: [EMAIL PROTECTED] 











--



                   Lajos Moczar
      ----------------------------------------
    Open Source Support, Consulting and Training
      ----------------------------------------
            Cocoon Developer's Handbook
 (www.amazon.com/exec/obidos/tg/detail/-/0672322579)

                   _      _____
                  / \         /
                 /___\      /
                /     \   /____

     http://www.galatea.com -- powered by AzSSL


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
























					Reply via email to