users@glassfish.java.net

Re: SSL SSO problem

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Tue, 24 Mar 2009 14:22:46 -0700

On 03/24/09 11:22 AM, glassfish_at_javadesktop.org wrote:
> Thanks for the reply, Jan!
>
> I have enabled SSO as you said.
> But it still doesn't work :(
>
> After a few experiments I have found the cause of my problem.
> My first application uses SSL (meaning the HTTPS listener is used).
> I have removed SSL from the first application and it works fine!
> After logging in to the first application I can log in to the second without new authentication.
>
> Is this a new feature in GlassFish (because on SJSAS 8.2 it works fine with SSL)? How can I configure it correctly to use the first application with SSL?
>

OK, I've been able to track down the root cause for this.

This is a side effect of our porting of this Tomcat fix:

  http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
  ("SingleSignOn Cookie does not honor https access: Login Information Disclosure")

If the request that initiates SSO came in over HTTPS, the SSO cookie will now
be marked as secure and therefore will not be included with any subsequent
non-secure requests.

This is the expected behaviour. The reason this used to work in earlier
releases is actually a bug.

Hope this helps.

Thanks,

Jan

> Thanks.
> [Message sent by forum member 'mikamj' (mikamj)]
>
> http://forums.java.net/jive/thread.jspa?messageID=338774
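Added example, not part of the original message or of GlassFish/Tomcat code: a Python model of the behaviour Jan describes, using the standard library cookie jar as a stand-in for the browser. The host name, the paths, the cookie name `JSESSIONIDSSO` with its value, and the `fixed` switch are assumptions made for illustration.

```python
import http.cookiejar
import urllib.request
from email.message import Message

HOST = "sso.example.test"            # constructed host name
SSO_COOKIE = "JSESSIONIDSSO=ABC123"  # assumed cookie name, constructed value


def sso_set_cookie(login_scheme, fixed=True):
    """Set-Cookie value the server issues after a successful login.

    fixed=True models the behaviour described above: the cookie is marked
    Secure when the login request arrived over HTTPS. fixed=False models the
    earlier behaviour, where the flag was never set.
    """
    header = SSO_COOKIE + "; Path=/"
    if fixed and login_scheme == "https":
        header += "; Secure"
    return header


class _Response:
    """Minimal response object exposing info(), as CookieJar expects."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_on_followup(login_scheme, followup_scheme, fixed=True):
    """Return the Cookie header a client attaches to the second application."""
    jar = http.cookiejar.CookieJar()
    login = urllib.request.Request(f"{login_scheme}://{HOST}/app1/login")
    jar.extract_cookies(_Response(sso_set_cookie(login_scheme, fixed)), login)
    followup = urllib.request.Request(f"{followup_scheme}://{HOST}/app2/")
    jar.add_cookie_header(followup)
    return followup.get_header("Cookie")  # None when the jar withheld it


if __name__ == "__main__":
    for fixed in (False, True):
        for login, nxt in (("https", "https"), ("https", "http"), ("http", "http")):
            sent = cookie_on_followup(login, nxt, fixed)
            print(f"fixed={fixed} login={login} next={nxt}: {sent}")
```

With `fixed=False` the cookie issued after an HTTPS login also travels over plain HTTP, which is the disclosure the Tomcat fix closes and the reason the mixed setup appeared to work before.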