2013/7/19 Chao Wang <soul2zim...@gmail.com>: > > > > Hi all, > > I have an issue with SSO configuration in tomcat 7.0.42. > > According to the doc [1], it requires to enable SSO valve inside > server.xml. However, without making such modification, I deployed two > web-app test.war and test2.war (see attached file). Then, try to login > from /test, after successful login, I don't need to login a second time > for /test2 and can see the secured welcome page directly . That's > strange for me, is the SingleSignOn valve enabled by default in tomcat? > > FYI, I add following configuration in tomcat-user.xml > <role rolename="User"/> > <user username="test" password="pass.1234" roles="User"/> > > If it's not a real issue, please point me how that works, and I'd like > to know how could I set the reauthenticate parameter for SSO. > > [1] http://tomcat.apache.org/tomcat-7.0-doc/config/host.html#Single_Sign_On > > Thanks & Regards, >
1. Attachments are not allowed here http://tomcat.apache.org/lists.html#tomcat-users -> "7." 2. If you are using BASIC authentication, then the browser caches the password for this "server+realm name(*)" combination unless you close the browser window. (*) realm name = the name as displayed in the authentication prompt. The browser does not know the structure of your server and where lies a boundary between different resources on the same server. It is all the same site and the same realm name, so it reuses the cached password. Read more about BASIC authentication. (Better a RFC document, but a Wikipedia article also should explain the basics). --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
