Posted to users@tomcat.apache.org by Mariano López <ma...@gmail.com> on 2010/06/08 12:05:18 UTC

How to finalize all sessions in a server with SingleSignOn valve activated ?

Hello all, I would like to know how to finalize all sessions in a server with
the SingleSignOn valve activated.

When I finalize the current user's session when the user logs out, only the
session in this context is closed; the sessions in the rest of the contexts
remain for this user.

Tomcat 6.0.26

Regards,

Mariano

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?

Posted by Mariano López <ma...@gmail.com>.
After debugging my apps I noticed that the sessions in all contexts are
correctly invalidated except in one context.

I have run a test with four contexts: three of them are correctly invalidated
and just one retains the user's session.

I don't understand what is happening in this case.

Best regards,

Mariano

2010/6/11 Mariano López <ma...@gmail.com>

> I just tried requireReauthentication in SingleSignOn valve and always
> drives me to login page, so with this does not work.
>
> Best regards,
>
> Mariano
>
>
> ---------- Forwarded message ----------
> From: Pid <pi...@pidster.com>
> Date: 2010/6/10
> Subject: Re: How to finalize all sessions in a server with SingleSignOn
> valve activated ?
> To: Tomcat Users List <us...@tomcat.apache.org>
>
>
> On 10/06/2010 09:05, Mariano López wrote:
> > According to
> >
> http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
> >
> > *As soon as the user logs out of one web application (for example, by
> > invalidating the corresponding session if form based login is used), the
> > user's sessions in *all* web applications will be invalidated. Any
> > subsequent attempt to access a protected resource in any application
> > will require the user to authenticate himself or herself again.*
>
> Yes, I know what it says, and it works for me - but I'm not using a
> custom JAAS setup.
>
> > This is just what i need, i suppose that this is a bug.
>
> The point I was making was that I wasn't sure if custom JAAS
> automatically worked with the SSO valve, although my gut feeling is that
> it should.
>
> Maybe one of the devs will have something to say.
>
> Did you try setting "requireReauthentication"?
>
>
> p
>
> > I will search in bug database for this problem.
> >
> > Thank you very much for your help,
> >
> > Mariano
> >
> > 2010/6/9 Pid <pid@pidster.com <ma...@pidster.com>>
> >
> >     On 09/06/2010 11:58, Mariano López wrote:
> >     > Yes, all of the apps are in the same Host.
> >     >
> >     > Here is my server.xml file:
> >
> >
> >     >     <Engine name="Catalina" defaultHost="localhost">
> >     >
> >     >       <Realm className="org.apache.catalina.realm.JAASRealm"
> >     >              resourceName="jdbc/ds_usuarios_jaas_Local"
> >     >              appName="Usuarios"
> >     >
> >     >
> >
> userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
> >     >
> >     >
> >
> roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
> >     >
> >     >       <Host name="localhost"  appBase="webapps"
> >     >             unpackWARs="true" autoDeploy="false"
> >     >             xmlValidation="false" xmlNamespaceAware="false">
> >     >
> >     >         <Valve
> >     className="org.apache.catalina.authenticator.SingleSignOn" />
> >     >
> >     >
> >     >       </Host>
> >
> >     I don't know if the SSO valve makes any guarantees about working with
> >     custom JAASRealm's.
> >
> >     Try setting "requireReauthentication" to true.
> >
> >     http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#SingleSign On
> >     Valve
> >
> >
> >     p
> >
> >
> >
> >
> >
>
>
>
>

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?

Posted by Mariano López <ma...@gmail.com>.
I just tried requireReauthentication in the SingleSignOn valve and it always
sends me to the login page, so this does not work.

Best regards,

Mariano

---------- Forwarded message ----------
From: Pid <pi...@pidster.com>
Date: 2010/6/10
Subject: Re: How to finalize all sessions in a server with SingleSignOn
valve activated ?
To: Tomcat Users List <us...@tomcat.apache.org>


On 10/06/2010 09:05, Mariano López wrote:
> According to
>
http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
>
> *As soon as the user logs out of one web application (for example, by
> invalidating the corresponding session if form based login is used), the
> user's sessions in *all* web applications will be invalidated. Any
> subsequent attempt to access a protected resource in any application
> will require the user to authenticate himself or herself again.*

Yes, I know what it says, and it works for me - but I'm not using a
custom JAAS setup.

> This is just what i need, i suppose that this is a bug.

The point I was making was that I wasn't sure if custom JAAS
automatically worked with the SSO valve, although my gut feeling is that
it should.

Maybe one of the devs will have something to say.

Did you try setting "requireReauthentication"?


p

> I will search in bug database for this problem.
>
> Thank you very much for your help,
>
> Mariano
>
> 2010/6/9 Pid <pid@pidster.com <ma...@pidster.com>>
>
>     On 09/06/2010 11:58, Mariano López wrote:
>     > Yes, all of the apps are in the same Host.
>     >
>     > Here is my server.xml file:
>
>
>     >     <Engine name="Catalina" defaultHost="localhost">
>     >
>     >       <Realm className="org.apache.catalina.realm.JAASRealm"
>     >              resourceName="jdbc/ds_usuarios_jaas_Local"
>     >              appName="Usuarios"
>     >
>     >
>
userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
>     >
>     >
>
roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
>     >
>     >       <Host name="localhost"  appBase="webapps"
>     >             unpackWARs="true" autoDeploy="false"
>     >             xmlValidation="false" xmlNamespaceAware="false">
>     >
>     >         <Valve
>     className="org.apache.catalina.authenticator.SingleSignOn" />
>     >
>     >
>     >       </Host>
>
>     I don't know if the SSO valve makes any guarantees about working with
>     custom JAASRealm's.
>
>     Try setting "requireReauthentication" to true.
>
>     http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Single Sign
On
>     Valve
>
>
>     p
>
>
>
>
>

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?

Posted by Pid <pi...@pidster.com>.
On 10/06/2010 09:05, Mariano López wrote:
> According to
> http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
> 
> *As soon as the user logs out of one web application (for example, by
> invalidating the corresponding session if form based login is used), the
> user's sessions in *all* web applications will be invalidated. Any
> subsequent attempt to access a protected resource in any application
> will require the user to authenticate himself or herself again.*

Yes, I know what it says, and it works for me - but I'm not using a
custom JAAS setup.

> This is just what i need, i suppose that this is a bug.

The point I was making was that I wasn't sure if custom JAAS
automatically worked with the SSO valve, although my gut feeling is that
it should.

Maybe one of the devs will have something to say.

Did you try setting "requireReauthentication"?


p

> I will search in bug database for this problem.
> 
> Thank you very much for your help,
> 
> Mariano
> 
> 2010/6/9 Pid <pid@pidster.com <ma...@pidster.com>>
> 
>     On 09/06/2010 11:58, Mariano López wrote:
>     > Yes, all of the apps are in the same Host.
>     >
>     > Here is my server.xml file:
> 
> 
>     >     <Engine name="Catalina" defaultHost="localhost">
>     >
>     >       <Realm className="org.apache.catalina.realm.JAASRealm"
>     >              resourceName="jdbc/ds_usuarios_jaas_Local"
>     >              appName="Usuarios"
>     >
>     >
>     userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
>     >
>     >
>     roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
>     >
>     >       <Host name="localhost"  appBase="webapps"
>     >             unpackWARs="true" autoDeploy="false"
>     >             xmlValidation="false" xmlNamespaceAware="false">
>     >
>     >         <Valve
>     className="org.apache.catalina.authenticator.SingleSignOn" />
>     >
>     >
>     >       </Host>
> 
>     I don't know if the SSO valve makes any guarantees about working with
>     custom JAASRealm's.
> 
>     Try setting "requireReauthentication" to true.
> 
>     http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Single Sign On
>     Valve
> 
> 
>     p
> 
> 
> 
> 
> 



Re: How to finalize all sessions in a server with SingleSignOn valve activated ?

Posted by Mariano López <ma...@gmail.com>.
According to
http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On

*As soon as the user logs out of one web application (for example, by
invalidating the corresponding session if form based login is used), the
user's sessions in all web applications will be invalidated. Any subsequent
attempt to access a protected resource in any application will require the
user to authenticate himself or herself again.*

This is just what I need; I suppose that this is a bug.

I will search the bug database for this problem.

Thank you very much for your help,

Mariano

2010/6/9 Pid <pi...@pidster.com>

> On 09/06/2010 11:58, Mariano López wrote:
> > Yes, all of the apps are in the same Host.
> >
> > Here is my server.xml file:
>
>
> >     <Engine name="Catalina" defaultHost="localhost">
> >
> >       <Realm className="org.apache.catalina.realm.JAASRealm"
> >              resourceName="jdbc/ds_usuarios_jaas_Local"
> >              appName="Usuarios"
> >
> > userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
> >
> >
> roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
> >
> >       <Host name="localhost"  appBase="webapps"
> >             unpackWARs="true" autoDeploy="false"
> >             xmlValidation="false" xmlNamespaceAware="false">
> >
> >         <Valve className="org.apache.catalina.authenticator.SingleSignOn"
> />
> >
> >
> >       </Host>
>
> I don't know if the SSO valve makes any guarantees about working with
> custom JAASRealm's.
>
> Try setting "requireReauthentication" to true.
>
> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Single Sign On
> Valve
>
>
> p
>
>
>
>
>
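
A simplified model of the behaviour the quoted documentation describes, added here as an example (not Tomcat's code and not written by anyone in this thread): on logout, an SSO registry can expire only the sessions it has associated with the SSO entry, so a session that was never associated survives. All class, method and context names are hypothetical; the timeout branch is included because expiry of one session is handled differently from an explicit logout.

```python
# Simplified model of a container SSO registry (constructed for illustration;
# not Tomcat source code). All names here are hypothetical.

class Session:
    def __init__(self, context, session_id):
        self.context = context
        self.session_id = session_id
        self.valid = True


class SsoRegistry:
    def __init__(self):
        self.entries = {}  # sso_id -> list of associated Session objects

    def associate(self, sso_id, session):
        """Called when a context authenticates the user under this SSO id."""
        self.entries.setdefault(sso_id, []).append(session)

    def session_destroyed(self, sso_id, session, timed_out):
        """React to one session ending.

        timed_out=True  -> only that session leaves the SSO entry.
        timed_out=False -> explicit logout: expire every associated session.
        """
        session.valid = False
        sessions = self.entries.get(sso_id, [])
        if timed_out:
            if session in sessions:
                sessions.remove(session)
            if not sessions:
                self.entries.pop(sso_id, None)
            return
        for other in self.entries.pop(sso_id, []):
            other.valid = False


def surviving_contexts(all_sessions):
    """Audit check after logout: contexts that still hold a live session."""
    return sorted(s.context for s in all_sessions if s.valid)


def run_logout_scenario():
    registry = SsoRegistry()
    # Constructed sample: four contexts; the last one never associated its
    # session with the SSO entry, so the registry does not know about it.
    sessions = [Session(c, "S-" + c) for c in ("/login", "/app1", "/app2", "/app3")]
    for s in sessions[:3]:
        registry.associate("SSO-1", s)
    registry.session_destroyed("SSO-1", sessions[0], timed_out=False)
    return surviving_contexts(sessions)


def run_timeout_scenario():
    registry = SsoRegistry()
    sessions = [Session(c, "S-" + c) for c in ("/login", "/app1")]
    for s in sessions:
        registry.associate("SSO-1", s)
    registry.session_destroyed("SSO-1", sessions[0], timed_out=True)
    return surviving_contexts(sessions)
```

When one context keeps its session after logout, the first thing to confirm is whether that context's session was ever registered with the SSO entry.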

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?

Posted by Pid <pi...@pidster.com>.
On 09/06/2010 11:58, Mariano López wrote:
> Yes, all of the apps are in the same Host.
> 
> Here is my server.xml file:


>     <Engine name="Catalina" defaultHost="localhost">
> 
>       <Realm className="org.apache.catalina.realm.JAASRealm"
>              resourceName="jdbc/ds_usuarios_jaas_Local"
>              appName="Usuarios"
>             
> userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
>             
> roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>
>     
>       <Host name="localhost"  appBase="webapps"
>             unpackWARs="true" autoDeploy="false"
>             xmlValidation="false" xmlNamespaceAware="false">
> 
>         <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
> 
> 
>       </Host>

I don't know if the SSO valve makes any guarantees about working with
custom JAASRealm's.

Try setting "requireReauthentication" to true.

http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Single Sign On Valve


p





Re: How to finalize all sessions in a server with SingleSignOn valve activated ?

Posted by Mariano López <ma...@gmail.com>.
Yes, all of the apps are in the same Host.

Here is my server.xml file:

<?xml version='1.0' encoding='utf-8'?>
<Server port="9085" shutdown="SHUTDOWN">

  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

  <GlobalNamingResources>

    <Resource name="jdbc/ds_usuarios_jaas_Local"
              auth="Container"
              description="BBDD MySQL 5.0 donde se almacenan los grupos de usuarios."
              driverClass="com.mysql.jdbc.Driver"
              factory="org.apache.naming.factory.BeanFactory"
              type="com.mchange.v2.c3p0.ComboPooledDataSource"
              maxPoolSize="20"
              minPoolSize="10"
              initialPoolSize="10"
              maxStatementsPerConnection="5"
              acquireIncrement="1"
              user="xxxxx"
              password="xxxxx"
              jdbcUrl="jdbc:mysql://localhost:3306/usuarios?autoReconnect=true"
              checkoutTimeout="5000"
              preferredTestQuery="select 1"
              idleConnectionTestPeriod="900"
              unreturnedConnectionTimeout="120"
              debugUnreturnedConnectionStackTraces="true"
    />

  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="9080"
               redirectPort="9483"
               protocol="HTTP/1.1"
               connectionTimeout="20000"
               enableLookups="false"
               disableUploadTimeout="true"
               URIEncoding="UTF-8"
                />

    <Connector port="9483"
               protocol="HTTP/1.1"
               SSLEnabled="true"
               enableLookups="false"
               disableUploadTimeout="true"
               maxThreads="150"
               scheme="https"
               secure="true"
               clientAuth="false"
               sslProtocol="TLS"
               URIEncoding="UTF-8"
               keystoreFile="C:/java/servidores/tomcat-6.0-nb/conf/ssl/ClavePublicaTomcatSSL"
               keystorePass="tomcatpwd" />


    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.JAASRealm"
             resourceName="jdbc/ds_usuarios_jaas_Local"
             appName="Usuarios"
             userClassNames="org.sescam.chua.AutenticacionTomcatChua.UsuarioChuaLDAP"
             roleClassNames="org.sescam.chua.AutenticacionTomcatChua.GrupoChuaPrincipal"/>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="false"
            xmlValidation="false" xmlNamespaceAware="false">

        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />


      </Host>
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="127.0.0.1,10.36.135.108,10.36.134.205,10.36.135.106,10.36.135.107,10.36.131.189,10.36.132.219"/>
    </Engine>
  </Service>
</Server>

Mariano

2010/6/9 Pid <pi...@pidster.com>

> On 09/06/2010 11:01, Mariano López wrote:
> > Actually when a user logs out from application there is a context that
> > contains the login page and the logout page. The logout page execute
> > 'session.invalidate();' for closing session in this context.
> >
> > The server is configured with SingleSignOn valve, the context that
> > contains login and logout page has menu systems for access all the pages
> > for the user, this pages are located in differents context on this
> server.
> >
> > If I logout from my session when execute 'session.invalidate();' tomcat
> > only close the session from login and logout page context, not for the
> > rest, and i want to finalize the session in the rest of the contexts in
> > the server.
> >
> > I hope that this explain better what I am trying to say.
>
> OK.
>
> Are all of the apps in the same Host?
>
> Please remove all comments & obscure any passwords from your server.xml
> file and post it inline here.
>
>
> p
>
>
> > Regards
> >
> > Mariano
> >
> > 2010/6/9 Pid <pid@pidster.com <ma...@pidster.com>>
> >
> >     On 08/06/2010 11:05, Mariano López wrote:
> >     > Hello all, I like to know how to finalize all sessions in a server
> >     with
> >     > SingleSignOn valve activated.
> >     >
> >     > When I finalize the current session user when logs out only close
> the
> >     > session in this context, the rest remains its sessions for this
> user.
> >
> >     How exactly are you "finalizing" the current session, and do you
> >     actually mean to "invalidate" the session instead?
> >
> >
> >     p
> >
> >     > Tomcat 6.0.26
> >     >
> >     > Regards,
> >     >
> >     > Mariano
> >     >
> >
> >
> >
>
>
>

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?

Posted by Pid <pi...@pidster.com>.
On 09/06/2010 11:01, Mariano López wrote:
> Actually when a user logs out from application there is a context that
> contains the login page and the logout page. The logout page execute
> 'session.invalidate();' for closing session in this context.
> 
> The server is configured with SingleSignOn valve, the context that
> contains login and logout page has menu systems for access all the pages
> for the user, this pages are located in differents context on this server.
> 
> If I logout from my session when execute 'session.invalidate();' tomcat
> only close the session from login and logout page context, not for the
> rest, and i want to finalize the session in the rest of the contexts in
> the server.
> 
> I hope that this explain better what I am trying to say.

OK.

Are all of the apps in the same Host?

Please remove all comments & obscure any passwords from your server.xml
file and post it inline here.


p


> Regards
> 
> Mariano
> 
> 2010/6/9 Pid <pid@pidster.com <ma...@pidster.com>>
> 
>     On 08/06/2010 11:05, Mariano López wrote:
>     > Hello all, I like to know how to finalize all sessions in a server
>     with
>     > SingleSignOn valve activated.
>     >
>     > When I finalize the current session user when logs out only close the
>     > session in this context, the rest remains its sessions for this user.
> 
>     How exactly are you "finalizing" the current session, and do you
>     actually mean to "invalidate" the session instead?
> 
> 
>     p
> 
>     > Tomcat 6.0.26
>     >
>     > Regards,
>     >
>     > Mariano
>     >
> 
> 
> 



Re: How to finalize all sessions in a server with SingleSignOn valve activated ?

Posted by Mariano López <ma...@gmail.com>.
Actually, when a user logs out from the application, there is a context that
contains the login page and the logout page. The logout page executes
'session.invalidate();' to close the session in this context.

The server is configured with the SingleSignOn valve. The context that contains
the login and logout pages has a menu system for accessing all the pages for the
user; these pages are located in different contexts on this server.

If I log out of my session, when 'session.invalidate();' executes Tomcat only
closes the session of the login and logout page context, not the rest, and
I want to finalize the session in the rest of the contexts in the server.

I hope that this explains better what I am trying to say.

Regards

Mariano

2010/6/9 Pid <pi...@pidster.com>

> On 08/06/2010 11:05, Mariano López wrote:
> > Hello all, I like to know how to finalize all sessions in a server with
> > SingleSignOn valve activated.
> >
> > When I finalize the current session user when logs out only close the
> > session in this context, the rest remains its sessions for this user.
>
> How exactly are you "finalizing" the current session, and do you
> actually mean to "invalidate" the session instead?
>
>
> p
>
> > Tomcat 6.0.26
> >
> > Regards,
> >
> > Mariano
> >
>
>
>

Re: How to finalize all sessions in a server with SingleSignOn valve activated ?

Posted by Pid <pi...@pidster.com>.
On 08/06/2010 11:05, Mariano López wrote:
> Hello all, I like to know how to finalize all sessions in a server with
> SingleSignOn valve activated.
> 
> When I finalize the current session user when logs out only close the
> session in this context, the rest remains its sessions for this user.

How exactly are you "finalizing" the current session, and do you
actually mean to "invalidate" the session instead?


p

> Tomcat 6.0.26
> 
> Regards,
> 
> Mariano
>