Posted to users@tomcat.apache.org by "HAVENS,PETER (HP-Cupertino,ex3)" <pe...@hp.com> on 2002/08/29 21:25:20 UTC

single sign on and time outs

I have a question regarding SingleSignOn.  It seems that if any web app is
accessed and then not visited for a period of time equal to the time out
value of the global web.xml then the user will be de-authenticated for all
webapps.  To clarify, if I have two webapps, demo1 and demo2, and I log onto
my server which is configured for SingleSignOn; then if I visit a resource
in the demo1 webapp and then start viewing resources on the demo2 web app,
the timeout will occur for the demo1 session and thus timeout my entire
session.

Is there a way to configure single sign on so that it does not do timeouts
based on each web app?

-Peter

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: single sign on and time outs

Posted by Srinadh Karumuri <sk...@bbn.com>.
Thanks for sharing the details. It's very helpful.
I guess I have to catch up with TC4. :)
-Sri

At 07:08 PM 8/29/2002, Craig R. McClanahan wrote:

>On Thu, 29 Aug 2002, Srinadh Karumuri wrote:
>
> > Date: Thu, 29 Aug 2002 16:29:40 -0400
> > From: Srinadh Karumuri <sk...@bbn.com>
> > Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> > To: Tomcat Users List <to...@jakarta.apache.org>
> > Subject: Re: single sign on and time outs
> >
> >
> > >More precisely, both sessions will be invalidated.
> > I didn't get this. Let's say I have two webapps sharing one Tomcat 3.0.
> > If
> >          timeout for webapp1 = 5 min.
> > and
> >          timeout for webapp2 = 10 min.
> > Does it mean both will get timed out after 5 min? I don't think so.
>
>Tomcat 3.x doesn't have any notion of "single sign on" support, so of
>course you won't see both logged out there.
>
>Tomcat 4.x has single sign on support if you are using form-based login
>for all the apps -- and it will indeed time out all sessions if any one of
>them times out.  However, there is no way (in Servlet 2.3) to
>programmatically force a logout from all of the sessions.  Of course, you
>have to explicitly enable the single sign on valve to get this behavior.
>
>Tomcat 5 will have the same "timeout once times out all" behavior, and
>adds the ability to programmatically request a logout.
>
>Craig
>
> >
> > -Sri
> > At 04:00 PM 8/29/2002, you wrote:
> >
> >
> > >On Thu, 29 Aug 2002, HAVENS,PETER (HP-Cupertino,ex3) wrote:
> > >
> > > > Date: Thu, 29 Aug 2002 15:25:20 -0400
> > > > From: "HAVENS,PETER (HP-Cupertino,ex3)" <pe...@hp.com>
> > > > Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> > > > To: 'Tomcat Users List' <to...@jakarta.apache.org>
> > > > Subject: single sign on and time outs
> > > >
> > > > I have a question regarding SingleSignOn.  It seems that if any web app is
> > > > accessed and then not visited for a period of time equal to the time out
> > > > value of the global web.xml then the user will be de-authenticated for all
> > > > webapps.  To clarify, if I have two webapps, demo1 and demo2, and I log onto
> > > > my server which is configured for SingleSignOn; then if I visit a resource
> > > > in the demo1 webapp and then start viewing resources on the demo2 web app,
> > > > the timeout will occur for the demo1 session and thus timeout my entire
> > > > session.
> > > >
> > >
> > >More precisely, both sessions will be invalidated.
> > >
> > > > Is there a way to configure single sign on so that it does not do timeouts
> > > > based on each web app?
> > > >
> > >
> > >Isn't it easier to just make your sessions not time out?
> > >
> > > > -Peter
> > > >
> > >
> > >Craig
> > >
> > >


Re: single sign on and time outs

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Thu, 29 Aug 2002, Srinadh Karumuri wrote:

> Date: Thu, 29 Aug 2002 16:29:40 -0400
> From: Srinadh Karumuri <sk...@bbn.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: Tomcat Users List <to...@jakarta.apache.org>
> Subject: Re: single sign on and time outs
>
>
> >More precisely, both sessions will be invalidated.
> I didn't get this. Let's say I have two webapps sharing one Tomcat 3.0.
> If
>          timeout for webapp1 = 5 min.
> and
>          timeout for webapp2 = 10 min.
> Does it mean both will get timed out after 5 min? I don't think so.

Tomcat 3.x doesn't have any notion of "single sign on" support, so of
course you won't see both logged out there.

Tomcat 4.x has single sign on support if you are using form-based login
for all the apps -- and it will indeed time out all sessions if any one of
them times out.  However, there is no way (in Servlet 2.3) to
programmatically force a logout from all of the sessions.  Of course, you
have to explicitly enable the single sign on valve to get this behavior.

Tomcat 5 will have the same "timeout once times out all" behavior, and
adds the ability to programmatically request a logout.

Craig

>
> -Sri
> At 04:00 PM 8/29/2002, you wrote:
>
>
> >On Thu, 29 Aug 2002, HAVENS,PETER (HP-Cupertino,ex3) wrote:
> >
> > > Date: Thu, 29 Aug 2002 15:25:20 -0400
> > > From: "HAVENS,PETER (HP-Cupertino,ex3)" <pe...@hp.com>
> > > Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> > > To: 'Tomcat Users List' <to...@jakarta.apache.org>
> > > Subject: single sign on and time outs
> > >
> > > I have a question regarding SingleSignOn.  It seems that if any web app is
> > > accessed and then not visited for a period of time equal to the time out
> > > value of the global web.xml then the user will be de-authenticated for all
> > > webapps.  To clarify, if I have two webapps, demo1 and demo2, and I log onto
> > > my server which is configured for SingleSignOn; then if I visit a resource
> > > in the demo1 webapp and then start viewing resources on the demo2 web app,
> > > the timeout will occur for the demo1 session and thus timeout my entire
> > > session.
> > >
> >
> >More precisely, both sessions will be invalidated.
> >
> > > Is there a way to configure single sign on so that it does not do timeouts
> > > based on each web app?
> > >
> >
> >Isn't it easier to just make your sessions not time out?
> >
> > > -Peter
> > >
> >
> >Craig
> >
> >
>
>
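
A simplified model of the behaviour described above for Tomcat 4.x with the single sign on valve enabled, where one session timing out invalidates every session tied to the same sign-on. This is an added example, not part of the original thread and not Tomcat's code; the class and method names are hypothetical, and the timeline is constructed from the 5 min / 10 min timeouts in the question.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Simplified model of the behaviour described in the thread; not Tomcat source code. */
public class SsoTimeoutModel {
    // app name -> {timeout in minutes, minute of last request}; all sessions share one sign-on
    private final Map<String, long[]> sessions = new LinkedHashMap<>();

    /** A request creates or touches only the session of the app it hits. */
    void request(String app, long timeoutMin, long now) {
        sessions.put(app, new long[] {timeoutMin, now});
    }

    /** Expiry pass: if any one session has idled out, every associated session goes with it. */
    List<String> expire(long now) {
        List<String> invalidated = new ArrayList<>();
        for (long[] s : sessions.values()) {
            if (now - s[1] >= s[0]) {
                invalidated.addAll(sessions.keySet());
                sessions.clear();
                break;
            }
        }
        return invalidated;
    }

    public static void main(String[] args) {
        SsoTimeoutModel sso = new SsoTimeoutModel();
        // Constructed timeline using the 5 min / 10 min timeouts from the question.
        sso.request("webapp1", 5, 0);           // visited once, then left idle
        for (long t = 0; t <= 10; t++) {
            sso.request("webapp2", 10, t);      // user stays active here every minute
            List<String> gone = sso.expire(t);
            if (!gone.isEmpty()) {
                System.out.println("minute " + t + ": invalidated " + gone);
                break;
            }
        }
    }
}
```

The point to watch is that activity in webapp2 never refreshes webapp1's idle timer, so the shortest per-app timeout bounds the whole signed-on session.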




Re: single sign on and time outs

Posted by Srinadh Karumuri <sk...@bbn.com>.
>More precisely, both sessions will be invalidated.
I didn't get this. Let's say I have two webapps sharing one Tomcat 3.0.
If
         timeout for webapp1 = 5 min.
and
         timeout for webapp2 = 10 min.
Does it mean both will get timed out after 5 min? I don't think so.

-Sri
At 04:00 PM 8/29/2002, you wrote:


>On Thu, 29 Aug 2002, HAVENS,PETER (HP-Cupertino,ex3) wrote:
>
> > Date: Thu, 29 Aug 2002 15:25:20 -0400
> > From: "HAVENS,PETER (HP-Cupertino,ex3)" <pe...@hp.com>
> > Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> > To: 'Tomcat Users List' <to...@jakarta.apache.org>
> > Subject: single sign on and time outs
> >
> > I have a question regarding SingleSignOn.  It seems that if any web app is
> > accessed and then not visited for a period of time equal to the time out
> > value of the global web.xml then the user will be de-authenticated for all
> > webapps.  To clarify, if I have two webapps, demo1 and demo2, and I log onto
> > my server which is configured for SingleSignOn; then if I visit a resource
> > in the demo1 webapp and then start viewing resources on the demo2 web app,
> > the timeout will occur for the demo1 session and thus timeout my entire
> > session.
> >
>
>More precisely, both sessions will be invalidated.
>
> > Is there a way to configure single sign on so that it does not do timeouts
> > based on each web app?
> >
>
>Isn't it easier to just make your sessions not time out?
>
> > -Peter
> >
>
>Craig
>
>


Re: single sign on and time outs

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Thu, 29 Aug 2002, HAVENS,PETER (HP-Cupertino,ex3) wrote:

> Date: Thu, 29 Aug 2002 15:25:20 -0400
> From: "HAVENS,PETER (HP-Cupertino,ex3)" <pe...@hp.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: 'Tomcat Users List' <to...@jakarta.apache.org>
> Subject: single sign on and time outs
>
> I have a question regarding SingleSignOn.  It seems that if any web app is
> accessed and then not visited for a period of time equal to the time out
> value of the global web.xml then the user will be de-authenticated for all
> webapps.  To clarify, if I have two webapps, demo1 and demo2, and I log onto
> my server which is configured for SingleSignOn; then if I visit a resource
> in the demo1 webapp and then start viewing resources on the demo2 web app,
> the timeout will occur for the demo1 session and thus timeout my entire
> session.
>

More precisely, both sessions will be invalidated.

> Is there a way to configure single sign on so that it does not do timeouts
> based on each web app?
>

Isn't it easier to just make your sessions not time out?

> -Peter
>

Craig

