Forum Post: RE: OE REST Login WebApp

  • Thread starter: Michael Jacobs
Status
Not open for further replies.
Michael Jacobs

Guest
Hello Paul,

Using the default configuration, the security token generated by a login process in one web application is not directly usable by the authorization process in a different web application. That is because the security token is stored in server-side HTTP session storage whose scope is limited to a specific web application (via the HTTP session ID cookie exchanged between the web application and HTTP client).

The possibility seems to exist where all of the web applications that are running in the same web server instance can be configured to share a single HTTP session and the HTTP session ID cookie, therefore using the same session storage and security token. I've not tried the configuration as I didn't have the time to reconfigure all of the web applications' cookie parameters and work out the details.

There is another possibility, which is to use the Tomcat SSO valve. The general theory is to configure all of the web applications to use the same user account file with BASIC authentication. The Tomcat valve saves the user-id & password of a successful login and automatically inserts them into the BASIC authentication of other web applications. It does not get you the same security token - but it may allow you transparent access to multiple web applications.

If you get either of these to work - please pass along the steps you took.
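
The Tomcat SSO valve setup described in the post, sketched as an added configuration example (not part of the original post and not tested against OpenEdge web applications). It assumes the web applications use Tomcat container-managed BASIC authentication against one realm defined above the individual web applications; the role name `restuser`, the URL pattern `/rest/*` and the realm name are placeholders.

```xml
<!-- conf/server.xml (fragment): one realm and one SSO valve for every web
     application deployed under this Host -->
<Engine name="Catalina" defaultHost="localhost">

  <!-- The shared "user account file": a single realm at Engine level
       (here the stock UserDatabaseRealm backed by conf/tomcat-users.xml).
       Individual web applications must not override it with a realm of
       their own, or the valve cannot reuse the login across them. -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase" />

  <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
    <!-- Caches the identity from the first successful login in any web
         application of this Host and applies it to requests for the
         others. It issues its own cookie (JSESSIONIDSSO by default);
         every web application still keeps a separate HTTP session. -->
    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
  </Host>
</Engine>

<!-- WEB-INF/web.xml (fragment), repeated in each participating web
     application: same auth method, same role, TLS required because BASIC
     sends the password with every request -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>REST services</web-resource-name>
    <url-pattern>/rest/*</url-pattern>          <!-- placeholder pattern -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>restuser</role-name>             <!-- placeholder role -->
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Shared realm</realm-name>         <!-- placeholder name -->
</login-config>

<security-role>
  <role-name>restuser</role-name>
</security-role>
```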
