Hi Michael,
I put my last thoughts at https://s.apache.org/cFeK
I'll need to slightly change my comments in ExternalLoginKeysManager, will do
later...
Jacques
Le 06/11/2017 à 13:57, Michael Brohl a écrit :
Hi Jacques,
this is the same solution pattern as we've discussed in [1]. I think we
Perhaps sharing exactly how you'd like to implement this would help.
On Sun, Nov 5, 2017 at 7:12 PM, James Yong wrote:
> Hi all,
>
> I would like to revisit this issue. Specifically on whether implementing
> Tomcat SSO to avoid using externalLoginKey is a sound approach.
Hi Jacques,
this is the same solution pattern as we've discussed in [1]. I think we
should discuss this general pattern for both cases.
I will wait for other opinions in [1] and do my follow-up later.
Thanks,
Michael
[1]
Hi Michael,
As promised I reverted at revision 1814392, rest inline...
Le 05/11/2017 à 21:21, Michael Brohl a écrit :
Jacques,
we already have a completely secure solution if we use EntityUtilProperties
instead of UtilProperties to get the key.
I disagree on that, look for instance at the