http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23881

SingleSignOn and FormAuthenticator in embedded tomcat

------- Additional Comments From [EMAIL PROTECTED] 2003-11-23 00:18 -------

Attached is a proposed patch. It adds a configurable attribute "requiresReauthentication" to SingleSignOn. If "false" (the default), applications will behave as they do now. If "true", each incoming request will need to be reauthenticated to the Realm. The various authenticators have been modified to handle this. In this case the SingleSignOnEntry serves as a store of authentication credentials.

If the first webapp a user visits uses FORM or BASIC auth, and then they visit another app that requires DIGEST, the cached username/password from the FORM/BASIC authentication will not be sufficient information to do a digest authentication, so the user will be prompted for a digest login. Possibly we could add a config option to allow a username/password authentication to override the DIGEST auth specified in the web.xml.

Similarly, if the user first visits a webapp with DIGEST auth, and then visits one that uses FORM or BASIC, again the cached credentials will not be sufficient (no cached password from the digest auth), so they will have to be prompted for their username/password.

The attached patch includes logic that deals with all this and ensures that a single SSO session is maintained throughout. Of course, if webapps in a deployment don't mix their authentication schemes, none of the above details are an issue.

This bug was raised against TC 4; sorry, the patch is against TC 5. I can very easily pull together a TC4.1 version if desired.

This patch also addresses bug 10040.
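The behaviour the comment above describes, as an added Python model that is not the attached patch and not Tomcat code: an SSO cache whose entries hold the principal plus whatever credentials the first login left behind, a "require reauthentication" flag that switches between trusting the cache and re-presenting the stored username/password to the Realm on every request, and the two mixed-scheme cases (FORM/BASIC then DIGEST, DIGEST then FORM/BASIC) that end in a prompt while the single SSO id is kept. The Realm, SingleSignOnEntry and SingleSignOn classes, the scheme set and the cookie value are all assumptions made for the model; the flag is modelled after the proposal's "requiresReauthentication" attribute.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed model, not Tomcat code: FORM and BASIC authenticators see the cleartext
# password and can keep it in the SSO entry; a DIGEST login never exposes it.
REUSABLE_PASSWORD_SCHEMES = {"FORM", "BASIC"}
SSO_ID = "constructed-sso-cookie-1"  # constructed sample SSO cookie value


class Realm:
    """Toy realm: username -> password table; revoke() lets the demo retire a user."""

    def __init__(self, users: Dict[str, str]) -> None:
        self._users = dict(users)

    def authenticate(self, username: str, password: str) -> Optional[str]:
        return username if self._users.get(username) == password else None

    def revoke(self, username: str) -> None:
        self._users.pop(username, None)


@dataclass
class SingleSignOnEntry:
    principal: str
    auth_type: str
    username: str
    password: Optional[str]  # None after a DIGEST login

    def can_reauthenticate(self) -> bool:
        return self.auth_type in REUSABLE_PASSWORD_SCHEMES and self.password is not None


class SingleSignOn:
    def __init__(self, realm: Realm, require_reauthentication: bool) -> None:
        self.realm, self.require_reauthentication = realm, require_reauthentication
        self._cache: Dict[str, SingleSignOnEntry] = {}

    def register(self, sso_id: str, principal: str, auth_type: str,
                 username: str, password: Optional[str] = None) -> None:
        self._cache[sso_id] = SingleSignOnEntry(principal, auth_type, username, password)

    def update(self, sso_id: str, principal: str, auth_type: str,
               username: str, password: Optional[str] = None) -> None:
        # A fresh login completed in another webapp under an existing SSO id: keep the one
        # session, and replace the entry only when the new login adds a reusable password.
        entry = self._cache.get(sso_id)
        if entry is None:
            self.register(sso_id, principal, auth_type, username, password)
        elif not entry.can_reauthenticate() and password is not None \
                and auth_type in REUSABLE_PASSWORD_SCHEMES:
            self.register(sso_id, principal, auth_type, username, password)

    def resolve(self, sso_id: str, webapp_auth_method: str) -> Tuple[str, Optional[str]]:
        """Outcome for a request carrying sso_id in a webapp whose web.xml declares
        webapp_auth_method: ('cached' | 'reauthenticated' | 'prompt', principal)."""
        entry = self._cache.get(sso_id)
        if entry is None:
            return ("prompt", None)
        if not self.require_reauthentication:
            return ("cached", entry.principal)  # default: trust the cache as-is
        if webapp_auth_method == "DIGEST":
            # The client must digest a fresh nonce; the server cannot build that
            # response out of a cached username/password, so the user is prompted.
            return ("prompt", None)
        if not entry.can_reauthenticate():
            return ("prompt", None)  # a DIGEST login left no password for the Realm
        principal = self.realm.authenticate(entry.username, entry.password)
        if principal is None:
            self._cache.pop(sso_id, None)  # no longer valid: end the SSO session
            return ("prompt", None)
        return ("reauthenticated", principal)


def scenario_form_first() -> List[str]:
    # FORM login, then BASIC, DIGEST and BASIC webapps, all under one SSO id.
    sso = SingleSignOn(Realm({"alice": "s3cret"}), require_reauthentication=True)
    sso.register(SSO_ID, "alice", "FORM", "alice", "s3cret")
    outcomes = [sso.resolve(SSO_ID, "BASIC")[0], sso.resolve(SSO_ID, "DIGEST")[0]]
    sso.update(SSO_ID, "alice", "DIGEST", "alice")  # user answered the digest prompt
    return outcomes + [sso.resolve(SSO_ID, "BASIC")[0]]


def scenario_digest_first() -> List[str]:
    # DIGEST login first leaves no password; a later FORM login repairs the entry.
    sso = SingleSignOn(Realm({"alice": "s3cret"}), require_reauthentication=True)
    sso.register(SSO_ID, "alice", "DIGEST", "alice")
    outcomes = [sso.resolve(SSO_ID, "FORM")[0]]
    sso.update(SSO_ID, "alice", "FORM", "alice", "s3cret")  # user answered the form login
    return outcomes + [sso.resolve(SSO_ID, "BASIC")[0]]


def scenario_revocation(require_reauthentication: bool) -> str:
    # What a user removed from the Realm mid-session still gets, in each mode.
    realm = Realm({"alice": "s3cret"})
    sso = SingleSignOn(realm, require_reauthentication)
    sso.register(SSO_ID, "alice", "BASIC", "alice", "s3cret")
    realm.revoke("alice")
    return sso.resolve(SSO_ID, "BASIC")[0]
```

The two mixed-scheme scenarios reproduce the comment's cases: a FORM login carries the user through a BASIC webapp, prompts at a DIGEST one, and is still usable for BASIC afterwards because the update never discards a reusable password; a DIGEST login prompts at a FORM webapp and only becomes reusable once that form login has stored a password. The revocation scenario is the reason the flag matters in practice: with the default, a principal removed from the Realm keeps working for as long as its SSO entry lives, whereas with reauthentication on, the next request fails at the Realm and the SSO session is dropped. Whether a DIGEST webapp always prompts is taken from the comment's description of the proposal; the model says nothing about how the attribute was eventually implemented.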