- With FORM authentication, the browser does NOT know that authentication
has been requested - it simply serves the login form like any other. That
means that it cannot re-send the login information for you. It is also my
belief that the session information (in which the authentication
Hi David,
I share some of your concern over this single-signon issue. I too read the
specs and believe that they imply just what you say. The best I can offer
as a solution today, however, is what I have already mentioned; use BASIC
authentication, and specify the SAME realm-name for every
Chris:
I did see a message on orion-interest that explained how orion handles
roles. Not that I completely
understood it but enough to get the Java Pet Store Demo running.
Kirk S. Kalvar
I'm working on getting "Web Single Signon" to work as specified in
the J2EE bluprints, Page 3-13. It requires that the same login session
represents a user to all the applications that they accessthis is
important for my site(s) so that my users can change applications/sites
Hi all,
We have real problems to get role mappings work !
First of all, it's hard to understand why they appear in both
orion-application.xml and orion-ejb-jar.xml...
Second, it looks like orion-ejb-jar.xml is used, not orion-application.xml,
for role mappings
Third, Orion always cleans up our