0 Replies Latest reply on Sep 1, 2015 6:55 AM by richard.groote

    Web SSO and security constraints

    richard.groote

      Hello,

       

      We are trying to use Web SSO in our application. I followed the documentation at SAML Web Browser SSO on JBoss AS 7.0 | JBoss Developer and this works fine when there are no specific security constraints.

       

      Used the following test scenario:

      - User requests a secure page: http://localhost:8180/Application/WebApp/Tab

      - User is redirected to the idp

      - User supplies the credentials

      - The idp should redirect to http://localhost:8180/Application/WebApp/Tab

       

      When the following security constraint is defined in the web.xml, <url-pattern>/*</url-pattern>, it works fine. The user is correctly redirected to the requested page.

       

      When the web.xml contains the security constraints below, the user is redirected to http://localhost:8180/Application.

      <url-pattern>/Webapp/Tab</url-pattern>

      <url-pattern>/Webapp/Tab/*</url-pattern>

      <url-pattern>/Webapp/Tab2</url-pattern>

      <url-pattern>/Webapp/Tab2/*</url-pattern>

       

      Is there a configuration option to redirect back to the requested page?

       

      When I change the service provider URL to http://localhost:8180/Application/WebApp, then it looks like there is an infinite login attempt. I also tried to define the relaystate on the service provider configuration, but that was not working and this value is not dynamic.

       

      Kind regards,

       

      Richard