I am migrating two webapps from an older JBOSS server to Wildfly 10.1.0. In the past they shared the same JSESSIONID. As it's recommended not to share the JSESSIONID I would like to use the JSESSIONIDSSO cookie which should then be available to both web applications.

Unfortunately I am not getting the right config to deliver the SSO cookie. I get a JSESSIONID but no additional SSO cookie.

I configured the following:

In standalone.xml I added single-sign-on path:

<server name="default-server">
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
                    <filter-ref name="server-header"/>
                    <filter-ref name="x-powered-by-header"/>
                    <single-sign-on path="/"/>
                </host>
            </server>

I also tried to add the following to the web application's jboss-web.xml:

<jboss-web>

        <security-domain>my-sec-domain</security-domain>

</jboss-web>
</jboss-web>

and again in standalone.xml added a security-domain:

            
<security-domain name="my-sec-domain" cache-type="default"/>

Can anybody help me please? What am I missing?

I am not sure if it's important but in our application we don't use form-based authentication. Instead we implemented auth via the RequestProcessor of the application.

Is it necessary to configure form-based authentication to get the SSO-Cookie?

Thank you very much in advance.