After debugging my apps I notice that all session context all correctly invalidated except one context.
I have made test with four context, three of them are correctly invalidated and just one remains the user's session. I don't understand what is happened with this case. Best regards, Mariano 2010/6/11 Mariano López <marianolopezd...@gmail.com> > I just tried requireReauthentication in SingleSignOn valve and always > drives me to login page, so with this does not work. > > Best regards, > > Mariano > > > ---------- Forwarded message ---------- > From: Pid <p...@pidster.com> > Date: 2010/6/10 > Subject: Re: How to finalize all sessions in a server with SingleSignOn > valve activated ? > To: Tomcat Users List <users@tomcat.apache.org> > > > On 10/06/2010 09:05, Mariano López wrote: > > According to > > > http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On > > > > *As soon as the user logs out of one web application (for example, by > > invalidating the corresponding session if form based login is used), the > > user's sessions in *all* web applications will be invalidated. Any > > subsequent attempt to access a protected resource in any application > > will require the user to authenticate himself or herself again.* > > Yes, I know what it says, and it works for me - but I'm not using a > custom JAAS setup. > > > This is just what i need, i suppose that this is a bug. > > The point I was making was that I wasn't sure if custom JAAS > automatically worked with the SSO valve, although my gut feeling is that > it should. > > Maybe one of the devs will have something to say. > > Did you try setting "requireReauthentication"? > > > p > > > I will search in bug database for this problem. > > > > Thank you very much for your help, > > > > Mariano > > > > 2010/6/9 Pid <p...@pidster.com <mailto:p...@pidster.com>> > > > > On 09/06/2010 11:58, Mariano López wrote: > > > Yes, all of the apps are in the same Host. > > > > > > Here is my server.xml file: > > > > > > > <Engine name="Catalina" defaultHost="localhost"> > > > > > > <Realm className="org.apache.catalina.realm.JAASRealm" > > > resourceName="jdbc/ds_usuarios_jaas_Local" > > > appName="Usuarios" > > > > > > > > > userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP" > > > > > > > > > roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/> > > > > > > <Host name="localhost" appBase="webapps" > > > unpackWARs="true" autoDeploy="false" > > > xmlValidation="false" xmlNamespaceAware="false"> > > > > > > <Valve > > className="org.apache.catalina.authenticator.SingleSignOn" /> > > > > > > > > > </Host> > > > > I don't know if the SSO valve makes any guarantees about working with > > custom JAASRealm's. > > > > Try setting "requireReauthentication" to true. > > > > http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#SingleSign On > > Valve > > > > > > p > > > > > > > > > > > > > >
