[JBoss-user] [Security & JAAS/JBoss] - Single sign on across all web apps, all hosts and all virtua

2005-04-05 Thread ryoung2504
I can enable single sign-on across web apps deployed to a host AND to all other 
hosts in the cluster with the same virtual hostname using 
org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn.

However I can't manage to enable single sign-on across all web apps AND all 
hosts AND all virtual hosts. I thought that setting the partitionName attribute 
of the valve to the same value for all the virtual hostnames might do it, but 
it appears not from my testing.

Does anyone know how to do this?


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3872732#3872732

___
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user


[JBoss-user] [Security & JAAS/JBoss] - Re: SSO and disable caching of security credentials fails in

2005-01-16 Thread ryoung2504
I found the solution: add the attribute requireReauthorization to the valve and set it to true.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3862317#3862317



[JBoss-user] [Security & JAAS/JBoss] - SSO and disable caching of security credentials fails in Jbo

2005-01-15 Thread ryoung2504
I have two applications each with their own context root and each has their own 
JAAS security domain. I have a set of users with the same logon credentials for 
both security domains but with differing roles for each domain.

I have enabled SSO by uncommenting the valve
org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn
in deploy/jbossweb-tomcat50.sar/server.xml.

I have also disabled caching of security credentials by setting to zero
the DefaultCacheTimeout and DefaultCacheResolution attributes of the JAAS 
security manager and realm mapping mbean in conf/jboss-service.xml.

I would expect the resultant behaviour to be that a user is asked to sign on 
once but roles would be determined for every access.
However it appears that roles are determined at the point of sign on and not 
for every access.

Am I missing something here? Depending upon which resource the user attempts to 
access first, their roles are set for the domain that the resource exists in. If 
they stay within that domain then everything is fine, as they will only have 
access as their roles permit. If, however, they attempt to access a subsequent 
domain where they have fewer roles then they can access resources that they 
shouldn't be able to.

Is it possible (using declarative security) to have a user authenticate once 
across multiple applications (within a cluster) but to have authorization 
determined for every access?


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3862277#3862277
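
The behaviour described in this post, and the effect of the fix reported in the follow-up message, as an added example that is not part of the original posts and is not JBoss or Tomcat code: a simplified Java model in which the SSO layer either reuses the roles resolved at first sign-on or replays the cached credentials against each application's own security domain. The class and method names, the user alice and her roles are constructed for illustration, and the replay behaviour is an assumption about what the valve setting does.

```java
import java.util.*;

/** Simplified model of an SSO layer in front of two web apps, each with its own security domain. */
public class SsoRoleLeakDemo {

    /** One security domain: same passwords in every domain, different roles per domain. */
    static class Realm {
        final Map<String, String> passwords = new HashMap<>();
        final Map<String, Set<String>> roles = new HashMap<>();

        /** Returns the user's roles in this domain, or null if the credentials are rejected. */
        Set<String> authenticate(String user, String password) {
            if (password == null || !password.equals(passwords.get(user))) return null;
            return roles.getOrDefault(user, Collections.emptySet());
        }
    }

    /** What the SSO layer remembers after the first successful sign-on. */
    static class SsoEntry {
        final String user, password;
        final Set<String> rolesAtLogin;
        SsoEntry(String user, String password, Set<String> rolesAtLogin) {
            this.user = user; this.password = password; this.rolesAtLogin = rolesAtLogin;
        }
    }

    /** Access decision for a resource in `target` that requires role `needed`. */
    static boolean allowed(SsoEntry e, Realm target, String needed, boolean reauthPerApp) {
        Set<String> roles = reauthPerApp
                ? target.authenticate(e.user, e.password) // replay credentials against this app's domain
                : e.rolesAtLogin;                         // reuse roles resolved at first sign-on
        return roles != null && roles.contains(needed);
    }

    public static void main(String[] args) {
        // Constructed sample data: alice is admin in app A but only a plain user in app B.
        Realm appA = new Realm(), appB = new Realm();
        appA.passwords.put("alice", "s3cret");
        appA.roles.put("alice", new HashSet<>(Arrays.asList("admin", "user")));
        appB.passwords.put("alice", "s3cret");
        appB.roles.put("alice", Collections.singleton("user"));

        // Alice signs on through app A first, so the SSO entry captures app A's roles.
        SsoEntry sso = new SsoEntry("alice", "s3cret", appA.authenticate("alice", "s3cret"));

        System.out.println("app B admin page, roles from sign-on: " + allowed(sso, appB, "admin", false));
        System.out.println("app B admin page, re-auth per app:    " + allowed(sso, appB, "admin", true));
        System.out.println("app B user page, re-auth per app:     " + allowed(sso, appB, "user", true));
    }
}
```

Only the first decision grants the app B admin page: it is made with app A's roles, which is the cross-domain access the post reports.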



[JBoss-user] [Security & JAAS/JBoss] - Cross-context form-based authentication

2005-01-11 Thread ryoung2504
I have two applications each with their own context root and each has their own 
JAAS security domain. I have a set of users with the same logon credentials for 
both security domains but with differing roles for each domain. 
If I set the auth-method for both apps to BASIC then I can authenticate for one 
app and get the correct roles and then switch to the url of the other app and 
get the correct roles for that app. I do not need to re-authenticate when 
switching between apps.
If I set the auth-method for both apps to FORM then I can authenticate for one 
app and get the correct roles; however, if I switch the url in the browser to 
point to the second app I have to re-authenticate myself. (I do however get the 
correct roles).

Is there a way to get form based authentication to store the user credentials 
in the same "magic way" that basic authentication does, and thus allow me to 
logon once?

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3861683#3861683
