users@glassfish.java.net

Re: SSO not working if login through HTTPS and redirect to HTTP

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Tue, 05 Jan 2010 19:19:48 -0800

On 12/22/09 01:31 PM, glassfish_at_javadesktop.org wrote:
> Hi All,
>
> Glassfish ver 2.1.1
>
> I have two application, both deployed over same virtual server and having same realm for authentication.
> I have enabled SSO, and it's wokring proper for HTTP protocol.
>
> As soon i have moved my login page to HTTPS, only one of the application on which has login page, i am logged in and not on another application.
>
> After going through Glassfish document, i found that there is a cookie related property in sun-web.xml as cookieSecure which i have set to false but still it's not working.
>
> I have also tried with "ssoCookieSecure" in virtual-server and no success yet.
>
> Is there any thing else i need to configure? Or am i missing something?
>

Note that support for the "ssoCookieSecure" property was added to
GlassFish v3
(it is not available with 2.1.1).

See my blog "How to configure the security of HTTP session and
Single-Sign-On cookies in GlassFish" at
http://blogs.sun.com/jluehe/entry/ow_to_configure_the_security
for additional info.

Thanks,

Jan

> Thanks,
> Janak
> [Message sent by forum member 'jmewada' (jmewada_at_ascentmedia.com)]
>
> http://forums.java.net/jive/thread.jspa?messageID=377015
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>