You may try Tomcat SSO https://issues.apache.org/jira/browse/OFBIZ-10047
Does not work yet in a cluster

Jacques

On 12/03/2018 at 10:06, Deepak Dixit wrote:

Hi Sonali Agrahari

Your email has been moderated. Please subscribe to the mailing list http://ofbiz.apache.org/mailing-lists.html

Could you please share which OFBiz version you are using? You can configure it using session-config config in web.xml.

Thanks & Regards
--
Deepak Dixit
www.hotwaxsystems.com
www.hotwax.co

---------- Forwarded message ----------
From: Sonali Agrahari <[email protected]>
To: [email protected]
Cc:
Bcc:
Date: Mon, 12 Mar 2018 01:50:52 -0700 (MST)
Subject: Security threats in OFbiz

Hello all,

How can we resolve the "Privilege Escalation using an Under-Privileged User" security issue, i.e. after logging in to the application, if the URL of a web page with its external login key is copied to another browser, then that web page will be opened without login and we can access the whole application.

How can it be resolved? Kindly help.

Thank you

Regards,
Sonali Agrahari

--
Sent from: http://ofbiz.135035.n4.nabble.com/OFBiz-User-f135036.html
