Re: svn commit: r1814402 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbi z/webapp/control/ExternalLoginKeysManager.java

Hi Michael, I put my last thoughts at https://s.apache.org/cFeK I'll need to slightly change my comments in ExternalLoginKeysManager, will do later... Jacques Le 06/11/2017 à 13:57, Michael Brohl a écrit : Hi Jacques, this is the same solution pattern as we've discussed in [1]. I think we

Re: Tomcat SSO

Perhaps sharing exactly how you'd like to implement this would help. On Sun, Nov 5, 2017 at 7:12 PM, James Yong wrote: > Hi all, > > I would like to revisit this issue. Specifically on whether implementing > Tomcat SSO to avoid using externalLoginKey is a sound approach.

Re: svn commit: r1814402 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java

Hi Jacques, this is the same solution pattern as we've discussed in [1]. I think we should discuss this general pattern for both cases. I will wait for other opinions in [1] and do my follow-up later. Thanks, Michael [1]

Re: svn commit: r1814349 - in /ofbiz/ofbiz-framework/trunk: applications/securityext/src/main/java/org/apache/ofbiz/securityext/login/L oginEvents.java framework/security/config/security.properties

Hi Michael, As promised I reverted at revision 1814392, rest inline... Le 05/11/2017 à 21:21, Michael Brohl a écrit : Jacques, we already have a completely secure solution if we use EntityUtilProperties instead of UtilProperties to get the key. I disagree on that, look for instance at the