Is anyone aware of any known issues regarding the use of SingleSignOn within an aliased host?
I currently have a single host defined in server.xml (say, "www.hostname.com <www.hostname.com> ") with one alias defined for that host (say, "secure.hostname.com"). I am using SSL & container-managed security (form based) to segregate account signup, account management and other secured portions of the site from the generally accessible areas. The problem I am having is that once I authententicate myself via https to secure.hostname.com, if I surf over to the unsecured site via an http call to www.hostname.com <www.hostname.com> all knowledge of myself has disappeared (i.e. calls to getUserPrincipal() return null). Does this make sense? Any thoughts??? Thanks in advance to any help that you may be able to provide, Scott
