Greeting Tomcat gurus, I'm experiencing some problems implementing SSO across two webapps. Basically we have a main website which presently uses FORM authentication with a JAASRealm – this works fine for the website. However we now want to add a forum, specifically JForum ( www.jforum.net ) as it supports SSO. Ideally we want to install it as a separate webapp.
By default JForum supports SSO by calling request.getRemoteUser(). But if the user is authenticated in the first webapp. For the main website we have context.xml in website/META-INF/, with crossContext enabled and the JAASRealm specified. A quick note about the JAAS setup, I don't know whether this has any implications regarding SSO - The JAASRealm has useContextClassLoader set to false, therefore the LoginModule is a class of the website, not a .jar in the Tomcat shared library. With crossContext enabled in the main webapp, calling getRemoteUser() in the jforum webapp returns null and I'm not sure why. Essentially my question is how do I enable cross-context sessions? Indeed, if I set a session attribute in one webapp, how do I access it in from another webapp period? Is this the way to do it: Set attribute in webapp1: request.getSession().getServletContext().getContext("/webapp2").setAttribute("test", "Hello"); Access attribute in webapp2: request.getSession().getServletContext().getContext("/webapp2").getAttribute("test"); Thanks for your time. Alan. -- View this message in context: http://www.nabble.com/Single-Sign-On-across-multiple-webapps-tf4505100.html#a12848283 Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]