According to http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
*As soon as the user logs out of one web application (for example, by invalidating the corresponding session if form based login is used), the user's sessions in all web applications will be invalidated. Any subsequent attempt to access a protected resource in any application will require the user to authenticate himself or herself again.* This is just what i need, i suppose that this is a bug. I will search in bug database for this problem. Thank you very much for your help, Mariano 2010/6/9 Pid <p...@pidster.com> > On 09/06/2010 11:58, Mariano López wrote: > > Yes, all of the apps are in the same Host. > > > > Here is my server.xml file: > > > > <Engine name="Catalina" defaultHost="localhost"> > > > > <Realm className="org.apache.catalina.realm.JAASRealm" > > resourceName="jdbc/ds_usuarios_jaas_Local" > > appName="Usuarios" > > > > userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP" > > > > > roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/> > > > > <Host name="localhost" appBase="webapps" > > unpackWARs="true" autoDeploy="false" > > xmlValidation="false" xmlNamespaceAware="false"> > > > > <Valve className="org.apache.catalina.authenticator.SingleSignOn" > /> > > > > > > </Host> > > I don't know if the SSO valve makes any guarantees about working with > custom JAASRealm's. > > Try setting "requireReauthentication" to true. > > http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Single Sign On > Valve > > > p > > > > >
