SSO and security-domains

jamat Feb 17, 2016 9:37 PM

In my standalone xml I enable <single-sign-on>.

Now I deploy 2 webapps each using their own security domain (which is specified in their jboss-web.xml).

Question now: should sso works for those 2 webapps? That is, if I log in to one webapp, should I be able to navigate to the other one without authenticating?

If I am not mistaken this is the behavior in JBoss EAP 6 (and I guess this is because you can specify if you want reauthentication or not)

But this is not the case with Wildfly 10.

Again is this the expected behavior?

1. Re: SSO and security-domains

jamat Feb 18, 2016 9:54 AM (in response to jamat)

Let me clarify my problem.
<single-sign-on> will not work in the scenario above in wildfly if the username/password that I used for the first webapp, that is for the first security-domain, is not valid for the second security-domain. But if the credentials are valid on both security-domain (regardless on the actual backend) then I can navigate to the other webapp.
It seems to me that wildfly will 'reauthenticate'.
Is there an option to override this? (like it exists in Jboss EAP 6?)
Actions