I am migrating two webapps from an older JBOSS server to Wildfly 10.1.0. In the past they shared the same JSESSIONID. As it's recommended not to share the JSESSIONID I would like to use the JSESSIONIDSSO cookie which should then be available to both web applications.
Unfortunately I am not getting the right config to deliver the SSO cookie. I get a JSESSIONID but no additional SSO cookie.
I configured the following:
In standalone.xml I added single-sign-on path:
<server name="default-server"> <host name="default-host" alias="localhost"> <location name="/" handler="welcome-content"/> <filter-ref name="server-header"/> <filter-ref name="x-powered-by-header"/> <single-sign-on path="/"/> </host> </server>
I also tried to add the following to the web application's jboss-web.xml:
<jboss-web> <security-domain>my-sec-domain</security-domain> </jboss-web> </jboss-web>
and again in standalone.xml added a security-domain:
<security-domain name="my-sec-domain" cache-type="default"/>
Can anybody help me please? What am I missing?
I am not sure if it's important but in our application we don't use form-based authentication. Instead we implemented auth via the RequestProcessor of the application.
Is it necessary to configure form-based authentication to get the SSO-Cookie?
Thank you very much in advance.