Hello,
I am in the process of trying to configure single sign-on (SSO) between several apps in the same SJWS 7.0u5 virtual server, and I'm not having much luck. This appears to be very similar to the problem reported in another thread (http://forums.sun.com/thread.jspa?forumID=759&threadID=5281564) that applied to 7.0u2.
I found one interesting detail that the previous post did not mention, however, and I think it is key to resolving this issue.
I've been using the SSO feature of WS7 since day one, and up to this point it has worked flawlessly. However, I am in the process of adding a new webapp that differs from the prior webapps in one significant way: it uses form-based login, and all the previous webapps used basic authentication.
Using the "Live HTTP Headers" Firefox add-on I captured the cookie exchanges between the client and server, and this is what I see:
1. Logging in to any of the apps that use basic authentication results in both the JSESSIONID for the current webapp and the JSESSIONIDSSO for the entire server being returned in the response.
2. If I then go to a secured URI in the new (form login) webapp the JSESSIONIDSSO cookie is sent, but I still land on the login page.
3. When completing the login form and submitting it, no JSESSIONIDSSO is returned.
In both types of apps, my web.xml includes the appropriate configuration. FORM authentication:
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>ldap</realm-name>
        <form-login-config>
            <form-login-page>/login.jsf</form-login-page>
            <form-error-page>/error.jsf</form-error-page>
        </form-login-config>
    </login-config>
...and BASIC authentication:
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ldap</realm-name>
    </login-config>
From this, it appears as though the SSO functionality is not working when using FORM authentication, only when using BASIC authentication.
The web apps developer's guide specifically says that SSO works for all webapps in the same virtual server with the same realm-name, which is certainly the case for me. It doesn't say that SSO is not supported in FORM-authenticated webapps, but that would appear to be the case.
Or is this a bug?
Or am I simply doing something obviously wrong?
Thanks!
Bill
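
The cookie comparison described in the post above can be repeated on saved header captures. This is an added example, not part of the original post: the two header blocks, their cookie values and paths are constructed sample data, and `cookies_set` and `sso_report` are hypothetical helper names.

```python
from http.cookies import SimpleCookie

# Constructed captures (not from the original post): response header blocks
# as a header-logging tool would show them after each kind of login.
BASIC_LOGIN = """HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=AAAA1111; Path=/app1
Set-Cookie: JSESSIONIDSSO=SSSS9999; Path=/
Content-Type: text/html
"""

FORM_LOGIN = """HTTP/1.1 302 Moved Temporarily
Location: /app2/index.jsf
Set-Cookie: JSESSIONID=BBBB2222; Path=/app2
"""


def cookies_set(raw_response_headers):
    """Return {cookie name: path} for every Set-Cookie header in the block."""
    found = {}
    for line in raw_response_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue  # status line or a header other than Set-Cookie
        jar = SimpleCookie()
        jar.load(value.strip())
        for key, morsel in jar.items():
            found[key] = morsel["path"]
    return found


def sso_report(label, raw_response_headers):
    """Summarise whether a login response issued a session and an SSO cookie."""
    cookies = cookies_set(raw_response_headers)
    return {
        "login": label,
        "session_cookie": "JSESSIONID" in cookies,
        "sso_cookie": "JSESSIONIDSSO" in cookies,
        # A server-wide SSO cookie should be scoped to the whole virtual server.
        "sso_path": cookies.get("JSESSIONIDSSO"),
    }


if __name__ == "__main__":
    for label, capture in (("BASIC", BASIC_LOGIN), ("FORM", FORM_LOGIN)):
        print(sso_report(label, capture))
```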