1 Reply Latest reply on Nov 10, 2015 12:10 PM by Christopher Hesse

    Wildfly 9 session expired but no authentication unless browser closed

    Christopher Hesse Newbie

      I have set up a custom security-domain in Wildfly 9.0.2.Final for testing which looks like this:

       

      <security-domain name="LDAPAuth" cache-type="default">
      <authentication>
        <login-module code="LdapExtended" flag="required">
          <module-option name="java.naming.factory.initial"
                         value="com.sun.jndi.ldap.LdapCtxFactory"/>
          <module-option name="java.naming.provider.url"
                         value="ldap://localhost:389"/>
          <module-option name="java.naming.security.authentication" value="simple"/>
          <module-option name="baseCtxDN" value="ou=People,dc=acme,dc=com"/>
          <module-option name="baseFilter" value="(uid={0})"/>
          <module-option name="rolesCtxDN" value="ou=Roles,dc=acme,dc=com"/>
          <module-option name="roleFilter" value="(member={1})"/>
          <module-option name="roleAttributeID" value="cn"/>
          <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
        </login-module>
      </authentication>
      </security-domain>
      

       

      In my web.xml I have referenced this security-domain name (LDAPAuth) in my login-config.

       

      When I provide valid username and password configured in my local LDAP, I am allowed in, otherwise authentication fails. This works great. The problem is, once I've authenticated once, I'm never prompted again unless I close that browser window and open a new one. It doesn't matter if I manually call session.invalidate(); in my code, if the session just naturally expires (I have it set to 1 minute for testing), or even if I restart the server! I'm new to Wildfly but my experience working with other apps servers tells me that I should be re-prompted in any of the above scenarios, so what am I missing?