Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
I just tried requireReauthentication in the SingleSignOn valve and it always drives me to the login page, so with this it does not work.

Best regards,
Mariano

---------- Forwarded message ----------
From: Pid <p...@pidster.com>
Date: 2010/6/10
Subject: Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
To: Tomcat Users List <users@tomcat.apache.org>

On 10/06/2010 09:05, Mariano López wrote:
> According to
> http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
>
> *As soon as the user logs out of one web application (for example, by
> invalidating the corresponding session if form based login is used), the
> user's sessions in *all* web applications will be invalidated. Any
> subsequent attempt to access a protected resource in any application will
> require the user to authenticate himself or herself again.*

Yes, I know what it says, and it works for me - but I'm not using a custom JAAS setup.

> This is just what I need, I suppose that this is a bug.

The point I was making was that I wasn't sure if custom JAAS automatically worked with the SSO valve, although my gut feeling is that it should. Maybe one of the devs will have something to say.

Did you try setting requireReauthentication?

p

> I will search in bug database for this problem.
>
> Thank you very much for your help,
> Mariano
>
> 2010/6/9 Pid <p...@pidster.com>
>
>> On 09/06/2010 11:58, Mariano López wrote:
>>> Yes, all of the apps are in the same Host.
>>>
>>> Here is my server.xml file:
>>>
>>> <Engine name="Catalina" defaultHost="localhost">
>>>   <Realm className="org.apache.catalina.realm.JAASRealm"
>>>          resourceName="jdbc/ds_usuarios_jaas_Local"
>>>          appName="Usuarios"
>>>          userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
>>>          roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
>>>   <Host name="localhost" appBase="webapps" unpackWARs="true"
>>>         autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false">
>>>     <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>>>   </Host>
>>
>> I don't know if the SSO valve makes any guarantees about working with
>> custom JAASRealm's.
>>
>> Try setting requireReauthentication to true.
>>
>> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Single Sign On Valve
>>
>> p

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
After debugging my apps I notice that all session contexts are correctly invalidated except one context. I have made a test with four contexts; three of them are correctly invalidated and in just one the user's session remains. I don't understand what is happening in this case.

Best regards,
Mariano

2010/6/11 Mariano López <marianolopezd...@gmail.com>

> I just tried requireReauthentication in the SingleSignOn valve and it always
> drives me to the login page, so with this it does not work.
>
> Best regards,
> Mariano
>
> ---------- Forwarded message ----------
> From: Pid <p...@pidster.com>
> Date: 2010/6/10
> Subject: Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
> To: Tomcat Users List <users@tomcat.apache.org>
>
> On 10/06/2010 09:05, Mariano López wrote:
>> According to
>> http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
>>
>> *As soon as the user logs out of one web application (for example, by
>> invalidating the corresponding session if form based login is used), the
>> user's sessions in *all* web applications will be invalidated. Any
>> subsequent attempt to access a protected resource in any application will
>> require the user to authenticate himself or herself again.*
>
> Yes, I know what it says, and it works for me - but I'm not using a
> custom JAAS setup.
>
>> This is just what I need, I suppose that this is a bug.
>
> The point I was making was that I wasn't sure if custom JAAS
> automatically worked with the SSO valve, although my gut feeling is that
> it should. Maybe one of the devs will have something to say.
>
> Did you try setting requireReauthentication?
>
> p
>
>> I will search in bug database for this problem.
>>
>> Thank you very much for your help,
>> Mariano
>>
>> 2010/6/9 Pid <p...@pidster.com>
>>
>>> On 09/06/2010 11:58, Mariano López wrote:
>>>> Yes, all of the apps are in the same Host.
>>>>
>>>> Here is my server.xml file:
>>>>
>>>> <Engine name="Catalina" defaultHost="localhost">
>>>>   <Realm className="org.apache.catalina.realm.JAASRealm"
>>>>          resourceName="jdbc/ds_usuarios_jaas_Local"
>>>>          appName="Usuarios"
>>>>          userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
>>>>          roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
>>>>   <Host name="localhost" appBase="webapps" unpackWARs="true"
>>>>         autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false">
>>>>     <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>>>>   </Host>
>>>
>>> I don't know if the SSO valve makes any guarantees about working with
>>> custom JAASRealm's.
>>>
>>> Try setting requireReauthentication to true.
>>>
>>> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#SingleSign On Valve
>>>
>>> p

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
According to
http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On

*As soon as the user logs out of one web application (for example, by invalidating the corresponding session if form based login is used), the user's sessions in all web applications will be invalidated. Any subsequent attempt to access a protected resource in any application will require the user to authenticate himself or herself again.*

This is just what I need, I suppose that this is a bug.

I will search in bug database for this problem.

Thank you very much for your help,
Mariano

2010/6/9 Pid <p...@pidster.com>

> On 09/06/2010 11:58, Mariano López wrote:
>> Yes, all of the apps are in the same Host.
>>
>> Here is my server.xml file:
>>
>> <Engine name="Catalina" defaultHost="localhost">
>>   <Realm className="org.apache.catalina.realm.JAASRealm"
>>          resourceName="jdbc/ds_usuarios_jaas_Local"
>>          appName="Usuarios"
>>          userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
>>          roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
>>   <Host name="localhost" appBase="webapps" unpackWARs="true"
>>         autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false">
>>     <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>>   </Host>
>
> I don't know if the SSO valve makes any guarantees about working with
> custom JAASRealm's.
>
> Try setting requireReauthentication to true.
>
> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Single Sign On Valve
>
> p

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
On 10/06/2010 09:05, Mariano López wrote:
> According to
> http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
>
> *As soon as the user logs out of one web application (for example, by
> invalidating the corresponding session if form based login is used), the
> user's sessions in *all* web applications will be invalidated. Any
> subsequent attempt to access a protected resource in any application will
> require the user to authenticate himself or herself again.*

Yes, I know what it says, and it works for me - but I'm not using a custom JAAS setup.

> This is just what I need, I suppose that this is a bug.

The point I was making was that I wasn't sure if custom JAAS automatically worked with the SSO valve, although my gut feeling is that it should. Maybe one of the devs will have something to say.

Did you try setting requireReauthentication?

p

> I will search in bug database for this problem.
>
> Thank you very much for your help,
> Mariano
>
> 2010/6/9 Pid <p...@pidster.com>
>
>> On 09/06/2010 11:58, Mariano López wrote:
>>> Yes, all of the apps are in the same Host.
>>>
>>> Here is my server.xml file:
>>>
>>> <Engine name="Catalina" defaultHost="localhost">
>>>   <Realm className="org.apache.catalina.realm.JAASRealm"
>>>          resourceName="jdbc/ds_usuarios_jaas_Local"
>>>          appName="Usuarios"
>>>          userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
>>>          roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
>>>   <Host name="localhost" appBase="webapps" unpackWARs="true"
>>>         autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false">
>>>     <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>>>   </Host>
>>
>> I don't know if the SSO valve makes any guarantees about working with
>> custom JAASRealm's.
>>
>> Try setting requireReauthentication to true.
>>
>> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Single Sign On Valve
>>
>> p

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
On 08/06/2010 11:05, Mariano López wrote:
> Hello all,
>
> I like to know how to finalize all sessions in a server with
> SingleSignOn valve activated.
>
> When I finalize the current session user when logs out only close the
> session in this context, the rest remains its sessions for this user.

How exactly are you finalizing the current session, and do you actually mean to invalidate the session instead?

p

> Tomcat 6.0.26
>
> Regards,
> Mariano

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
Actually when a user logs out from application there is a context that contains the login page and the logout page. The logout page executes 'session.invalidate();' for closing session in this context.

The server is configured with SingleSignOn valve, the context that contains login and logout page has menu systems for access all the pages for the user, these pages are located in different contexts on this server.

If I logout from my session when execute 'session.invalidate();' tomcat only closes the session from login and logout page context, not for the rest, and I want to finalize the session in the rest of the contexts in the server.

I hope that this explains better what I am trying to say.

Regards
Mariano

2010/6/9 Pid <p...@pidster.com>

> On 08/06/2010 11:05, Mariano López wrote:
>> Hello all,
>>
>> I like to know how to finalize all sessions in a server with
>> SingleSignOn valve activated.
>>
>> When I finalize the current session user when logs out only close the
>> session in this context, the rest remains its sessions for this user.
>
> How exactly are you finalizing the current session, and do you actually
> mean to invalidate the session instead?
>
> p
>
>> Tomcat 6.0.26
>>
>> Regards,
>> Mariano

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
On 09/06/2010 11:01, Mariano López wrote:
> Actually when a user logs out from application there is a context that
> contains the login page and the logout page. The logout page executes
> 'session.invalidate();' for closing session in this context.
>
> The server is configured with SingleSignOn valve, the context that
> contains login and logout page has menu systems for access all the pages
> for the user, these pages are located in different contexts on this server.
>
> If I logout from my session when execute 'session.invalidate();' tomcat
> only closes the session from login and logout page context, not for the
> rest, and I want to finalize the session in the rest of the contexts in
> the server.
>
> I hope that this explains better what I am trying to say.

OK. Are all of the apps in the same Host?

Please remove all comments and obscure any passwords from your server.xml file and post it inline here.

p

> Regards
> Mariano
>
> 2010/6/9 Pid <p...@pidster.com>
>
>> On 08/06/2010 11:05, Mariano López wrote:
>>> Hello all,
>>>
>>> I like to know how to finalize all sessions in a server with
>>> SingleSignOn valve activated.
>>>
>>> When I finalize the current session user when logs out only close the
>>> session in this context, the rest remains its sessions for this user.
>>
>> How exactly are you finalizing the current session, and do you actually
>> mean to invalidate the session instead?
>>
>> p
>>
>>> Tomcat 6.0.26
>>>
>>> Regards,
>>> Mariano

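The clean-up requested in the message above (remove comments, obscure passwords) can be scripted before a server.xml goes to a public list. This is an added example, not part of the original thread; the function name redact_server_xml, the attribute-name patterns and the sample file are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: attribute names containing "pass" or "secret", or named exactly
# user/username, hold credentials (covers password, keystorePass, truststorePass).
SECRET_ATTR = re.compile(r"pass|secret|^user(name)?$", re.IGNORECASE)
# Credentials embedded in a URL value: scheme://user:pw@host or ...&password=pw
URL_USERINFO = re.compile(r"(://)[^/@\s]+@")
URL_PARAM = re.compile(r"((?:user|password)=)[^&\s]*", re.IGNORECASE)
MASK = "x"

def redact_server_xml(xml_text):
    """Return (redacted_xml, [(tag, attribute), ...]) for a server.xml string."""
    # ElementTree's default parser discards comments, so commented-out
    # Realm/Resource blocks (which often keep old passwords) are dropped too.
    root = ET.fromstring(xml_text)
    masked = []
    for elem in root.iter():
        for name, value in list(elem.attrib.items()):
            if SECRET_ATTR.search(name):
                cleaned = MASK
            else:
                cleaned = URL_USERINFO.sub(r"\g<1>" + MASK + "@", value)
                cleaned = URL_PARAM.sub(r"\g<1>" + MASK, cleaned)
            if cleaned != value:
                elem.set(name, cleaned)
                masked.append((elem.tag, name))
    return ET.tostring(root, encoding="unicode"), masked

# Constructed sample, shaped like the configuration discussed in this thread.
SAMPLE = """<Server port="9085" shutdown="SHUTDOWN">
  <!-- old realm: connectionPassword="constructed-old-pw" -->
  <GlobalNamingResources>
    <Resource name="jdbc/example" user="appuser" password="constructed-db-pw"
      jdbcUrl="jdbc:mysql://localhost:3306/usuarios?autoReconnect=true&amp;password=constructed-url-pw"/>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="9483" SSLEnabled="true" keystorePass="constructed-ks-pw"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
      </Host>
    </Engine>
  </Service>
</Server>"""

if __name__ == "__main__":
    redacted, changed = redact_server_xml(SAMPLE)
    print(redacted)
    print("masked:", changed)
```

The returned list names every attribute that was changed, so the result can be reviewed by eye before posting; a value that was already masked is left alone and not reported.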
Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
Yes, all of the apps are in the same Host.

Here is my server.xml file:

<?xml version='1.0' encoding='utf-8'?>
<Server port="9085" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <GlobalNamingResources>
    <Resource name="jdbc/ds_usuarios_jaas_Local"
              auth="Container"
              description="BBDD MySQL 5.0 donde se almacenan los grupos de usuarios."
              driverClass="com.mysql.jdbc.Driver"
              factory="org.apache.naming.factory.BeanFactory"
              type="com.mchange.v2.c3p0.ComboPooledDataSource"
              maxPoolSize="20"
              minPoolSize="10"
              initialPoolSize="10"
              maxStatementsPerConnection="5"
              acquireIncrement="1"
              user="x"
              password="x"
              jdbcUrl="jdbc:mysql://localhost:3306/usuarios?autoReconnect=true"
              checkoutTimeout="5000"
              preferredTestQuery="select 1"
              idleConnectionTestPeriod="900"
              unreturnedConnectionTimeout="120"
              debugUnreturnedConnectionStackTraces="true" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="9080" redirectPort="9483" protocol="HTTP/1.1"
               connectionTimeout="2" enableLookups="false"
               disableUploadTimeout="true" URIEncoding="UTF-8" />
    <Connector port="9483" protocol="HTTP/1.1" SSLEnabled="true"
               enableLookups="false" disableUploadTimeout="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
               keystoreFile="C:/java/servidores/tomcat-6.0-nb/conf/ssl/ClavePublicaTomcatSSL"
               keystorePass="tomcatpwd" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.JAASRealm"
             resourceName="jdbc/ds_usuarios_jaas_Local"
             appName="Usuarios"
             userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
             roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
      <Host name="localhost" appBase="webapps" unpackWARs="true"
            autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false">
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
      </Host>
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="127.0.0.1,10.36.135.108,10.36.134.205,10.36.135.106,10.36.135.107,10.36.131.189,10.36.132.219"/>
    </Engine>
  </Service>
</Server>

Mariano

2010/6/9 Pid <p...@pidster.com>

> On 09/06/2010 11:01, Mariano López wrote:
>> Actually when a user logs out from application there is a context that
>> contains the login page and the logout page. The logout page executes
>> 'session.invalidate();' for closing session in this context.
>>
>> The server is configured with SingleSignOn valve, the context that
>> contains login and logout page has menu systems for access all the pages
>> for the user, these pages are located in different contexts on this server.
>>
>> If I logout from my session when execute 'session.invalidate();' tomcat
>> only closes the session from login and logout page context, not for the
>> rest, and I want to finalize the session in the rest of the contexts in
>> the server.
>>
>> I hope that this explains better what I am trying to say.
>
> OK. Are all of the apps in the same Host?
>
> Please remove all comments and obscure any passwords from your server.xml
> file and post it inline here.
>
> p
>
>> Regards
>> Mariano
>>
>> 2010/6/9 Pid <p...@pidster.com>
>>
>>> On 08/06/2010 11:05, Mariano López wrote:
>>>> Hello all,
>>>>
>>>> I like to know how to finalize all sessions in a server with
>>>> SingleSignOn valve activated.
>>>>
>>>> When I finalize the current session user when logs out only close the
>>>> session in this context, the rest remains its sessions for this user.
>>>
>>> How exactly are you finalizing the current session, and do you actually
>>> mean to invalidate the session instead?
>>>
>>> p
>>>
>>>> Tomcat 6.0.26
>>>>
>>>> Regards,
>>>> Mariano

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?
On 09/06/2010 11:58, Mariano López wrote:
> Yes, all of the apps are in the same Host.
>
> Here is my server.xml file:
>
> <Engine name="Catalina" defaultHost="localhost">
>   <Realm className="org.apache.catalina.realm.JAASRealm"
>          resourceName="jdbc/ds_usuarios_jaas_Local"
>          appName="Usuarios"
>          userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
>          roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
>   <Host name="localhost" appBase="webapps" unpackWARs="true"
>         autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false">
>     <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>   </Host>

I don't know if the SSO valve makes any guarantees about working with custom JAASRealm's.

Try setting requireReauthentication to true.

http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Single Sign On Valve

p

How to finalize all sessions in a server with SingleSignOn valve activated ?
Hello all,

I like to know how to finalize all sessions in a server with SingleSignOn valve activated.

When I finalize the current session user when logs out only close the session in this context, the rest remains its sessions for this user.

Tomcat 6.0.26

Regards,
Mariano