Josh Gooding wrote:
To my knowledge the Single Sign on in Tomcat is a way for all of your back
end applications in your VH to recognize that you have logged in to one
place, and all of the apps belonging to that VH will be logged into.
Well, "kind of"..
What I am trying to do is restrict the login from users to one single
session. (i.e. if you are logged in once, you cannot log in again unless
your session expires or you log out.) Is this possible with what is
included with Tomcat or is this going to take some custom code? Either way
us fine, i'm just trying to use the server to handle as much of the work
load as possible and lessen the actual coding load.
It really depends on what kind of "login" (or rather, user
authentication) you have set up.
If you are using Tomcat's integrated (or container-based) authentication
mechanism, then as far as I know the authenticated user-id is something
that will be stored in the session data. As long as the session is
valid, the user will not be asked to re-authenticate. As soon as the
session is invalidated and they try to access a webapp that is submitted
to AAA, they will be asked to login again. This is true for all webapps
that are in the same "realm".
It is fairly well explained here :
http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
The keys here are which kind of AAA you are using, the Realm of your
webapps, the session and its associated cookie.
Note that this kind of SSO is Tomcat-specific, and valid only for a
single Tomcat.
What many of my customers understand by SSO is a bit different : it
means that they wish to login once in the morning when they turn on
their workstation, and never again during the day. They then want this
single login to be valid, automatically, for all servers and
applications they access during the day, whether they are running under
Tomcat or not (but also the ones running under Tomcat).
That's a different story.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org