Craig R. McClanahan wrote:
> There is an (undocumented) restriction in the current implementation when using
> BASIC or DIGEST authentication with single sign on support -- the value you
> specify for <realm> in the security constraints needs to be the same for all of
> the webapps that are participating in the single sign on environment. This is
> probably a bug (most of my development work was on using form-based login with
> this), but it should work if you use the same realm string.
>
Craig, I did try it with identical <realm-name> in each web.xml file,
before trying it with different ones.
If the realm names are identical, and i just use http basic
authentication (which i do), what role would single sign on support
play? I don't understand why it is needed at all - shouldn't the browser
just send the authentication information to TC after receiving the 401
with a WWW-Authenticate header?
thanks
Jason
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
