I have two web applications; neither declares a realm in the context.xml and both are configured for authentication in the web.xml using standard Tomcat authentication methods. I have enabled the Tomcat valve in the host and have added a realm to the host as well.

<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
  <Realm className="org.apache.catalina.realm.JAASRealm" appName="SSO"
         userClassNames="a.b.c" roleClassNames="a.b.c"
         useContextClassLoader="false"/>
  <!-- SingleSignOn valve, share authentication between web applications
       Documentation at: /docs/config/valve.html -->
  <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
  <!-- Access log processes all example.
       Documentation at: /docs/config/valve.html -->
  <!--
  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
         prefix="localhost_access_log." suffix=".txt" pattern="common"
         resolveHosts="false"/>
  -->

I have added a JAAS configuration for the SSO app in the jaas.conf file for the server. I am certain that the realm and jaas.conf are all configured properly, as the web applications do require a user to authenticate before accessing the application, but if I have authenticated to one application I am still required to authenticate before accessing the other application. I have this exact same configuration working on a Tomcat 6 environment, but an identical configuration will not operate on a Tomcat 7 server.
Can you provide a simple test case which demonstrates the problem?
Created attachment 25879: First participating war file. Please add the jaas.jar file from this project to your tomcat/lib folder as it contains the JAAS principal and login module implementation.
Created attachment 25880: Second participating web application.
Created attachment 25881: The Tomcat JAAS configuration file used on the test server.
Created attachment 25882: server.xml with SSO valve enabled.
Created attachment 25883: Eclipse JAAS implementation project, zipped. This is the zipped Eclipse project for all of the JAAS files. Includes the source for the login module and principals.
I have added two war files, the server configuration, JAAS configuration and the source code for the JAAS implementation I used in this test case. Accessing the first web app requires a login. Accessing the second app does not require a login. Using this test case in 6.x requires a login when accessing app 1, but not on the subsequent request for app2.
Sorry about that. I broke SSO when I did the Lifecycle refactoring for 7.0.x. I have fixed this in trunk and it will be included in 7.0.3 onwards.
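The following is an added example, not part of the original thread or of Tomcat itself: a small triage script that tells a configuration problem apart from this bug when SSO does not carry over between applications. It checks the preconditions given in Tomcat's SingleSignOn valve documentation (valve in the Host, a Realm on the Host or Engine, no Realm inside a Context) and whether the version is a 7.0.x release before 7.0.3. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SSO_VALVE = "org.apache.catalina.authenticator.SingleSignOn"

# Constructed sample mirroring the Host fragment quoted in the report.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
    <Realm className="org.apache.catalina.realm.JAASRealm" appName="SSO"
           userClassNames="a.b.c" roleClassNames="a.b.c" useContextClassLoader="false"/>
    <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
  </Host>
</Engine></Service></Server>
"""

def check_sso_config(server_xml, context_xmls=()):
    """Return a list of findings; an empty list means the SSO preconditions hold.

    context_xmls is an iterable of (label, xml_text) pairs, one per web
    application's META-INF/context.xml (hypothetical input shape).
    """
    findings = []
    root = ET.fromstring(server_xml)
    for engine in root.iter("Engine"):
        engine_realm = engine.find("Realm") is not None
        for host in engine.findall("Host"):
            name = host.get("name", "?")
            # The valve must sit directly in the Host that serves the applications.
            if not any(v.get("className") == SSO_VALVE for v in host.findall("Valve")):
                findings.append(f"{name}: no SingleSignOn valve in Host")
            # All applications must authenticate against one shared Realm.
            if not (engine_realm or host.find("Realm") is not None):
                findings.append(f"{name}: no Realm on Host or Engine")
            for ctx in host.findall("Context"):
                if ctx.find("Realm") is not None:
                    findings.append(f"{name}{ctx.get('path', '')}: Context has its own Realm")
    for label, text in context_xmls:
        if ET.fromstring(text).find("Realm") is not None:
            findings.append(f"{label}: context.xml declares its own Realm")
    return findings

def affected_by_this_bug(version):
    """True for 7.0.x releases before 7.0.3, the first release the thread names as fixed."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts[:2] == (7, 0) and parts < (7, 0, 3)

if __name__ == "__main__":
    print(check_sso_config(SAMPLE_SERVER_XML))   # configuration findings, if any
    print(affected_by_this_bug("7.0.2"))         # version falls in the broken range?
```

An empty findings list together with an affected version points at the server bug rather than the configuration, which is the situation the reporter describes.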