1 2 Previous Next 21 Replies Latest reply on Jul 31, 2014 3:39 PM by Paul Ferraro

    Wildfly SSO, does it support session timeout and logout?

    Tihomir Meščić Newbie

      Hi everyone,

       

      I'm using the Single-sign On feature on Wildfly 8.1.0.Final. I have a non-clustered environment - the SSO is used to login a user

      across different context roots: multiple WARs deployed on the same WildFly instance. The login process works fine, I get a

      JSESSIONIDSSO cookie and the user can access all context roots without the need to login more than once. What I don't know

      is how to achive logout/session timeout functionally...

       

      Question 1:

      Is there a way to set a session timeout on the SSO session? Right now, when the session timeout occurs on one of my servlets

      the user is still logged in (it has a valid JESESSIONIDSSO, and the SSO module just creates a new session automatically).

       

      Question 2:

      Is there a way to invalidate the SSO session programatically? The same way you can invalidate a regular session by invoking

      session.invalidate().

       

      standalone.xml:

       

      <subsystem xmlns="urn:jboss:domain:undertow:1.1">
                  <buffer-cache name="default"/>
                  <server name="default-server">
                      <http-listener name="default" socket-binding="http"/>
                      <host name="default-host" alias="localhost">
                          <location name="/" handler="welcome-content"/>
                          <single-sign-on path="/" />
      

       

      jboss-web.xml:

      <context-root>/one_of_my_wars</context-root>
      <security-domain>MyDomain</security-domain>    
      <valve> 
              <class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>
          </valve> 
      
        1 2 Previous Next