Hey! You need to make sure that your applications are using the same SessionDao and your cookie would need to be set to the domain that is common through your applications.
I haven't tried it personally yet, but 'buji-pac4j' (uses Shiro) supports OIDC and SAML. You might want to take a look at that too.

-Brian

On Thu, Mar 8, 2018 at 9:07 AM, imsammyd <[email protected]> wrote:

> Good day. I have a scenario where we have multiple web applications running
> on the same server and we would like one login to serve all applications.
> Currently, if you switch applications, you need to be re-authenticated. Try
> as I may, I cannot get this resolved.
>
> I went through the session management page to try and implement what they
> call Poor Man's SSO (https://shiro.apache.org/session-management.html)
>
> *Here is my shiro.ini:*
> [main]
> contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
> contextFactory.url = ldap://1.2.3.4:389
> contextFactory.systemUsername = [email protected]
> contextFactory.systemPassword = Password
>
> realm = com.me.shared.security.shiro.meADRealm
> realm.ldapContextFactory = $contextFactory
> realm.searchBase = OU=ME,DC=testdomain,DC=local
>
> securityManager.realms = $realm
>
> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
> sessionIdCookie=org.apache.shiro.web.servlet.SimpleCookie
> sessionIdCookie.name=sid
> sessionIdCookie.maxAge=1800
> sessionIdCookie.httpOnly=true
> sessionManager.sessionIdCookie=$sessionIdCookie
> sessionManager.sessionIdCookieEnabled=true
> securityManager.sessionManager = $sessionManager
>
> sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
> securityManager.sessionManager.sessionDAO = $sessionDAO
> sessionValidationScheduler = org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler
> sessionValidationScheduler.interval = 3600000
>
> securityManager.sessionManager.sessionValidationScheduler = $sessionValidationScheduler
>
> cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
> securityManager.cacheManager = $cacheManager
>
> *URL mapping is done in a custom java IniWebEnvironment and looks like this*
> /faces/common/LWCLogin.xhtml = authc
> /faces/common/unauthorized.xhtml = anon
> /faces/secured/** = authc
> /faces/myAdmin/** = roles[administrator]
> /faces/myManagement/** = roles[administrator]
> /faces/people/** = roles[administrator]
>
> *I have a custom JSF bean where I perform login like this:*
> Subject subject = SecurityUtils.getSubject();
> UsernamePasswordToken token = new UsernamePasswordToken(getUserName(), getPassword());
> subject.login(token);
>
> I am open to doing SSO in a different fashion, but this is an internal
> application and doesn't need much. Any ideas?
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
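
Added example, not part of the original thread and not configuration from the Shiro project: one way the advice in the reply (same SessionDAO, cookie scoped to what the applications have in common) could look in each application's shiro.ini. The domain `apps.example.internal` and the file name `ehcache-shared.xml` are placeholders; the settings assume HTTPS and that the EhCache configuration points at a store every application can reach.

```ini
[main]
# Constructed example. Realm and LDAP settings stay as each application has them.

# One session cookie that the browser sends to every application.
sessionIdCookie = org.apache.shiro.web.servlet.SimpleCookie
sessionIdCookie.name = sid
# With no path set, Shiro's SimpleCookie uses the request's context path, so a
# cookie issued by /app1 is never sent to /app2 on the same host.
sessionIdCookie.path = /
# Only needed when the applications sit on different hosts under one parent
# domain (placeholder value). Leave unset for a single host.
sessionIdCookie.domain = apps.example.internal
sessionIdCookie.maxAge = 1800
sessionIdCookie.httpOnly = true
# Assumes HTTPS everywhere, so the session id is never sent in clear text.
sessionIdCookie.secure = true

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionIdCookie = $sessionIdCookie
sessionManager.sessionIdCookieEnabled = true
securityManager.sessionManager = $sessionManager

# Same SessionDAO and the same cache name in every application.
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionDAO.activeSessionsCacheName = shiro-activeSessionCache
securityManager.sessionManager.sessionDAO = $sessionDAO

# Assumption: ehcache-shared.xml (hypothetical file) configures a cache that is
# shared between the applications. A default in-memory EhCache is private to
# each web application, so sessions stored there are not visible to the others.
cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
cacheManager.cacheManagerConfigFile = classpath:ehcache-shared.xml
securityManager.cacheManager = $cacheManager
```

A cookie scoped to `/` is presented to every application on that host, so the shared session is only as well protected as the weakest application that receives it.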
