1 Reply Latest reply on Nov 10, 2015 12:10 PM by christopher.hesse

    Wildfly 9 session expired but no authentication unless browser closed

    christopher.hesse

      I have set up a custom security-domain in Wildfly 9.0.2.Final for testing which looks like this:

       

      <security-domain name="LDAPAuth" cache-type="default">
        <authentication>
          <login-module code="LdapExtended" flag="required">
            <module-option name="java.naming.factory.initial"
                           value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url"
                           value="ldap://localhost:389"/>
            <module-option name="java.naming.security.authentication" value="simple"/>
            <module-option name="baseCtxDN" value="ou=People,dc=acme,dc=com"/>
            <module-option name="baseFilter" value="(uid={0})"/>
            <module-option name="rolesCtxDN" value="ou=Roles,dc=acme,dc=com"/>
            <module-option name="roleFilter" value="(member={1})"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
          </login-module>
        </authentication>
      </security-domain>
      

       

      In my web.xml I have referenced this security-domain name (LDAPAuth) in my login-config.

       

      When I provide a valid username and password configured in my local LDAP, I am allowed in; otherwise authentication fails. This works great. The problem is, once I've authenticated once, I'm never prompted again unless I close that browser window and open a new one. It doesn't matter if I manually call session.invalidate(); in my code, if the session just naturally expires (I have it set to 1 minute for testing), or even if I restart the server! I'm new to Wildfly, but my experience working with other app servers tells me that I should be re-prompted in any of the above scenarios, so what am I missing?