Hello. I have > 2 web-applications which are running on the same host. The Valve SingleSignOn is enabled.
Application1 has security-constraint and login-config elements in web.xml Application2, 3 etc has no such definitions Technically Application1 is acting as a security gate. All other applications are redirected to it if userPrincipal is not found. In this scenario Single Sign ON works fine - after authenticating in Application1, all other applications have correction userPrincipal. However Single Sign OFF doesn't work in this configuration. If I logout in App1, other sessions are not invalidated. How can this be overcomed? Is it a bug or works-as-intended? (our current possible workaround could be specifying security-constraint also in App2, App3 but we have rather a big bunch of them and it looks like rather complex configuration propagation which should be not forgotten when new webapps are added). Thanks for any help. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org