Hi, I am trying to evaluate migrating our application from Weblogic to a Tomcat/JBoss environment. One of the main roadblocks at the moment is our reliance on the way SSO is done in weblogic.
In weblogic, even within the same virtual host, you can specify different SSO domains by defining diferent names for the sessionID parameter. All webapps sharing the same sessionID name will share the same user authentication information. This is independent of whether the sessionID is passed as a coockie or as a parameter of the request. So given the following URLs: /app1/main.html;dom1Id=sdjhfaksjdhfa /app2/other.html;dom1Id=sdjhfaksjdhfa /app3/another.html;dom2Id=sdjhfaksjdhfa In this case going from /app1 to /app2 will not require authentication because the they use the same SSO information. But going to /app3 will cause a login since the domain is different. Moreover, this needs to work without cookies. We have to shitch-off the use of cookies due to problems in the session cookie handle by some Browsers. Is such a configuration possible in Tomcat? Or, if not, does the Tomcat API provide what is needed so one can EASILY build such an authentication module? Any additional suggestions? I have looked and looked around for answers on this regard but found nothing. Thanks in advance, Jose
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]