Bug 49670

Summary: org.apache.catalina.authenticator.SingleSignOn valve does not function
Product: Tomcat 7
Reporter: chornsey
Component: Catalina
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: regression    
Priority: P2    
Version: 7.0.0   
Target Milestone: ---   
Hardware: PC   
OS: All   
Attachments: First participating war file.
Second participating web application.
The tomcat jaas configuration file used on the test server.
server.xml with sso valve enabled.
eclipse jaas implementation project zipped.

Description chornsey 2010-07-29 10:43:35 UTC
I have two web applications; neither declares a realm in the context.xml and both are configured for authentication in the web.xml using standard tomcat authentication methods.  I have enabled the tomcat valve in the host and have added a realm to the host as well.

      <Host name="localhost"  appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Realm className="org.apache.catalina.realm.JAASRealm" appName="SSO" userClassNames="a.b.c" roleClassNames="a.b.c" useContextClassLoader="false"/>
        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
        -->
      </Host>

I have added a jaas configuration for the SSO app in the jaas.conf file for the server.  I am certain that the realm, jaas.conf are all configured properly as the web applications do require a user to authenticate before accessing the application, but if I have authenticated to one application I still am required to authenticate before accessing the other application.

I have this exact same configuration working on a tomcat 6 environment, but an identical configuration will not operate on a tomcat 7 server.
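A check of the configuration preconditions the report describes (an active SingleSignOn valve under the Host, a Realm shared at Host or Engine level, no Realm nested in an application's context.xml), useful for ruling out misconfiguration before treating the behaviour as a regression. This is an added example, not part of the original report or of Tomcat; the sample server.xml and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SSO_VALVE = "org.apache.catalina.authenticator.SingleSignOn"

# Constructed sample, modelled on the Host excerpt in the report.
GOOD_SERVER_XML = """
<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
    <Realm className="org.apache.catalina.realm.JAASRealm" appName="SSO"/>
    <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
  </Host>
</Engine></Service></Server>
"""

def is_sso(elem):
    return elem.get("className") == SSO_VALVE

def check_sso_preconditions(server_xml, context_xmls=None):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    root = ET.fromstring(server_xml)  # XML comments are dropped by the parser
    under_host = set()
    for engine in root.iter("Engine"):
        engine_has_realm = engine.find("Realm") is not None
        for host in engine.findall("Host"):
            name = host.get("name", "(unnamed)")
            valves = [v for v in host.findall("Valve") if is_sso(v)]
            under_host.update(id(v) for v in valves)
            if not valves:
                findings.append(f"{name}: no active SingleSignOn valve under <Host>")
            if not engine_has_realm and host.find("Realm") is None:
                findings.append(f"{name}: no <Realm> at Host or Engine level")
    # A valve placed anywhere other than directly under a Host.
    for valve in root.iter("Valve"):
        if is_sso(valve) and id(valve) not in under_host:
            findings.append("SingleSignOn valve declared outside a <Host>")
    # context_xmls maps an application name to the text of its context.xml.
    for app, xml_text in (context_xmls or {}).items():
        if ET.fromstring(xml_text).find("Realm") is not None:
            findings.append(f"{app}: context.xml nests its own <Realm>")
    return findings

if __name__ == "__main__":
    for line in check_sso_preconditions(GOOD_SERVER_XML) or ["preconditions met"]:
        print(line)
```

An empty result means only that the configuration is not the cause; it says nothing about whether the running Tomcat version handles SSO correctly.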
Comment 1 Pid 2010-08-03 05:47:07 UTC
Can you provide a simple test case which demonstrates the problem?
Comment 2 chornsey 2010-08-11 23:14:16 UTC
Created attachment 25879
First participating war file.

Please add the jaas.jar file from this project to your tomcat/lib folder as it contains the jaas principal and login module implementation.
Comment 3 chornsey 2010-08-11 23:14:56 UTC
Created attachment 25880
Second participating web application.
Comment 4 chornsey 2010-08-11 23:16:18 UTC
Created attachment 25881
The tomcat jaas configuration file used on the test server.
Comment 5 chornsey 2010-08-11 23:17:43 UTC
Created attachment 25882
server.xml with sso valve enabled.
Comment 6 chornsey 2010-08-11 23:21:31 UTC
Created attachment 25883
eclipse jaas implementation project zipped.

This is the zipped eclipse project for all of the jaas files.  Includes the source for the login module and principals.
Comment 7 chornsey 2010-08-11 23:23:54 UTC
I have added two war files, the server configuration, jaas configuration and the source code for the jaas implementation I used in this test case.

Accessing the first web app requires a log in.  Accessing the second app does not require a login.  Using this test case in 6.x requires a login when accessing app 1, but not on the subsequent request for app2.
Comment 8 Mark Thomas 2010-08-23 16:16:42 UTC
Sorry about that. I broke SSO when I did the Lifecycle refactoring for 7.0.x

I have fixed this in trunk and it will be included in 7.0.3 onwards.