You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2010/07/29 16:43:40 UTC
DO NOT REPLY [Bug 49670] New:
org.apache.catalina.authenticator.SingleSignOn valve does not function
https://issues.apache.org/bugzilla/show_bug.cgi?id=49670
Summary: org.apache.catalina.authenticator.SingleSignOn valve
does not function
Product: Tomcat 7
Version: 7.0.0
Platform: PC
Status: NEW
Severity: regression
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: chornsey@hotmail.com
I have two web applications; neither declare a realm in the context.xml and
both are configured for authentication in the web.xml using standard tomcat
authentication methods. I have enabled the tomcat valve in the host and have
added a realm to the host as well.
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true">
<Realm className="org.apache.catalina.realm.JAASRealm" appName="SSO"
userClassNames="a.b.c" roleClassNames="a.b.c" useContextClassLoader="false"/>
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log." suffix=".txt" pattern="common"
resolveHosts="false"/>
-->
I have added a jaas configuration for the SSO app in the jaas.conf file for the
server. I am certain that the realm, jaas.conf are all configured properly as
the web applications do require a user to authenticate before accessing the
application, but if I have authenticated to one application I still am required
to authenticate before accessing the other application.
I have this exact same configuration working on a tomcat 6 environment, but an
identical configuration will not operate on a tomcat 7 server.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 49670]
org.apache.catalina.authenticator.SingleSignOn valve does not function
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49670
--- Comment #7 from chornsey@hotmail.com 2010-08-11 23:23:54 EDT ---
I have added two war files, he server configuration, jaas configuration and the
source code for the jaas implementation I used in this test case.
Accessing the first web app requires a log in. Accessing the second app does
not require a login. Using this test case in 6.x requires a login when
accessing app 1, but not on the subsequent request for app2.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 49670]
org.apache.catalina.authenticator.SingleSignOn valve does not function
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49670
Pid <pi...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS/Version| |All
--- Comment #1 from Pid <pi...@apache.org> 2010-08-03 05:47:07 EDT ---
Can you provide a simple test case which demonstrates the problem?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 49670]
org.apache.catalina.authenticator.SingleSignOn valve does not function
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49670
--- Comment #3 from chornsey@hotmail.com 2010-08-11 23:14:56 EDT ---
Created an attachment (id=25880)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=25880)
Second participating web appliaction.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 49670]
org.apache.catalina.authenticator.SingleSignOn valve does not function
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49670
--- Comment #6 from chornsey@hotmail.com 2010-08-11 23:21:31 EDT ---
Created an attachment (id=25883)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=25883)
eclipse jaas implementation project zipped.
This is the zipped eclipse project for all of the jaas files. Includes the
source for the login module and principals.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 49670]
org.apache.catalina.authenticator.SingleSignOn valve does not function
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49670
--- Comment #2 from chornsey@hotmail.com 2010-08-11 23:14:16 EDT ---
Created an attachment (id=25879)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=25879)
First participating war file.
Please add the jaas.jar file from this project o you tomcat/lib folder as i
contains the jaas principal and login module implementation.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 49670]
org.apache.catalina.authenticator.SingleSignOn valve does not function
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49670
--- Comment #5 from chornsey@hotmail.com 2010-08-11 23:17:43 EDT ---
Created an attachment (id=25882)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=25882)
server.xml with sso valve enabled.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 49670]
org.apache.catalina.authenticator.SingleSignOn valve does not function
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49670
--- Comment #4 from chornsey@hotmail.com 2010-08-11 23:16:18 EDT ---
Created an attachment (id=25881)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=25881)
The tomcat jaas configuration file used on the test server.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 49670]
org.apache.catalina.authenticator.SingleSignOn valve does not function
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49670
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #8 from Mark Thomas <ma...@apache.org> 2010-08-23 16:16:42 EDT ---
Sorry about that. I broke SSO when I did the Lifecycle refactoring for 7.0.x
I have fixed this in trunk and it will be included in 7.0.3 onwards.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org