4.0.2 / 4.0.3: SSO across different VHs now?

andiwauss Dec 15, 2005 9:44 AM

Hello,

between 4.0.2 and 4.0.3sp1 the comment on the ClusteredSignleSignOnValve within tomcat/server.xml have been changed from

Uncomment to enable single sign-on across web apps
deployed to this host AND to all other hosts in the cluster
with the same virtual hostname.

Uncomment to enable single sign-on across web apps
deployed to this host AND to all other hosts in the cluster.

..which gives the impression, that the (spec conforming) restriction about SSO only on the same VH is not there anymore.

Well, I did a first test, and SSO did not work across different VH´s.

Is SSO across different VHs within one cluster now possible?

Is there anything else to configure to achieve it?

Or is the new comment just wrong?

Thanks a lot and cheers,
Andreas

1. Re: 4.0.2 / 4.0.3: SSO across different VHs now?

brian.stansberry Dec 15, 2005 10:54 AM (in response to andiwauss)

The comment is just wrong :(

SSO relies on a cookie, and the cookie's domain is "/" meaning it will only be presented to the host that issued it. Changing this will require a change in Tomcat.
Actions
2. Re: 4.0.2 / 4.0.3: SSO across different VHs now?

andiwauss Dec 15, 2005 11:45 AM (in response to andiwauss)

Thanks again for the quick reply!
Actions

Go to original post