Bug 49670 - org.apache.catalina.authenticator.SingleSignOn valve does not function
Summary: org.apache.catalina.authenticator.SingleSignOn valve does not function
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 7
Classification: Unclassified
Component: Catalina
Version: 7.0.0
Hardware: PC All
Importance: P2 regression
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Reported: 2010-07-29 10:43 UTC by chornsey
Modified: 2010-08-23 16:16 UTC

Attachments
First participating war file. (4.47 KB, application/octet-stream)
2010-08-11 23:14 UTC, chornsey
Second participating web application. (4.48 KB, application/octet-stream)
2010-08-11 23:14 UTC, chornsey
The tomcat jaas configuration file used on the test server. (191 bytes, application/octet-stream)
2010-08-11 23:16 UTC, chornsey
server.xml with sso valve enabled. (6.23 KB, text/plain)
2010-08-11 23:17 UTC, chornsey
eclipse jaas implementation project zipped. (5.79 KB, application/zip)
2010-08-11 23:21 UTC, chornsey

Description chornsey 2010-07-29 10:43:35 UTC
I have two web applications; neither declares a realm in the context.xml and both are configured for authentication in the web.xml using standard tomcat authentication methods.  I have enabled the tomcat valve in the host and have added a realm to the host as well.

      <Host name="localhost"  appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Realm className="org.apache.catalina.realm.JAASRealm" appName="SSO" userClassNames="a.b.c" roleClassNames="a.b.c" useContextClassLoader="false"/>
        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
        -->
      </Host>

I have added a jaas configuration for the SSO app in the jaas.conf file for the server.  I am certain that the realm, jaas.conf are all configured properly as the web applications do require a user to authenticate before accessing the application, but if I have authenticated to one application I still am required to authenticate before accessing the other application.

I have this exact same configuration working on a tomcat 6 environment, but an identical configuration will not operate on a tomcat 7 server.
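
The configuration prerequisites described in this report (SingleSignOn valve on the Host, a Realm shared at Host or Engine level, no Realm inside an individual Context) can be checked offline. The following is an added example, not part of the original report or of Tomcat; the sample server.xml is constructed, and the function name `audit_sso` and the second host are assumptions. It only inspects server.xml, not per-application META-INF/context.xml files.

```python
import xml.etree.ElementTree as ET

SSO_VALVE = "org.apache.catalina.authenticator.SingleSignOn"

# Constructed sample modelled on the Host fragment in the report; the Engine
# wrapper, the second Host and its Context are invented for this example.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
    <Realm className="org.apache.catalina.realm.JAASRealm" appName="SSO"/>
    <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
  </Host>
  <Host name="broken.example" appBase="other">
    <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
    <Context path="/app1">
      <Realm className="org.apache.catalina.realm.MemoryRealm"/>
    </Context>
  </Host>
</Engine></Service></Server>
"""

def audit_sso(server_xml):
    """Return {host name: [problems]} for every Host that enables the SSO valve."""
    root = ET.fromstring(server_xml)
    report = {}
    for engine in root.iter("Engine"):
        engine_realm = engine.find("Realm") is not None
        for host in engine.findall("Host"):
            valves = [v.get("className") for v in host.findall("Valve")]
            # XML comments are dropped by the parser, so a commented-out
            # valve is correctly treated as not enabled.
            if SSO_VALVE not in valves:
                continue
            problems = []
            # SSO needs one Realm shared by all applications of the Host.
            if host.find("Realm") is None and not engine_realm:
                problems.append("no Realm at Host or Engine level to share")
            # A Realm nested in a Context overrides the shared one for that app.
            for ctx in host.findall("Context"):
                if ctx.find("Realm") is not None:
                    problems.append("Context %s declares its own Realm" % ctx.get("path"))
            report[host.get("name")] = problems
    return report

if __name__ == "__main__":
    for name, problems in audit_sso(SAMPLE_SERVER_XML).items():
        print(name, "OK" if not problems else problems)
```

A clean result only rules out misconfiguration; the same configuration passes this check whether it is deployed on Tomcat 6 or on 7.0.0.
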
Comment 1 Pid 2010-08-03 05:47:07 UTC
Can you provide a simple test case which demonstrates the problem?
Comment 2 chornsey 2010-08-11 23:14:16 UTC
Created attachment 25879
First participating war file.

Please add the jaas.jar file from this project to your tomcat/lib folder as it contains the jaas principal and login module implementation.
Comment 3 chornsey 2010-08-11 23:14:56 UTC
Created attachment 25880
Second participating web application.
Comment 4 chornsey 2010-08-11 23:16:18 UTC
Created attachment 25881
The tomcat jaas configuration file used on the test server.
Comment 5 chornsey 2010-08-11 23:17:43 UTC
Created attachment 25882
server.xml with sso valve enabled.
Comment 6 chornsey 2010-08-11 23:21:31 UTC
Created attachment 25883
eclipse jaas implementation project zipped.

This is the zipped eclipse project for all of the jaas files.  Includes the source for the login module and principals.
Comment 7 chornsey 2010-08-11 23:23:54 UTC
I have added two war files, the server configuration, jaas configuration and the source code for the jaas implementation I used in this test case.

Accessing the first web app requires a log in.  Accessing the second app does not require a login.  Using this test case in 6.x requires a login when accessing app 1, but not on the subsequent request for app2.
Comment 8 Mark Thomas 2010-08-23 16:16:42 UTC
Sorry about that. I broke SSO when I did the Lifecycle refactoring for 7.0.x.

I have fixed this in trunk and it will be included in 7.0.3 onwards.