users@glassfish.java.net

RE: SSO cookie expiration question

From: Thakur, Ajay K. <thakur1_at_llnl.gov>
Date: Tue, 7 Jun 2011 10:03:14 -0700

Thanks for the response.

I am attaching herewith my realm and login module code.


:-) Ajay

-----Original Message-----
From: Shing Wai Chan [mailto:shing.wai.chan_at_oracle.com]
Sent: Tuesday, June 07, 2011 9:09 AM
To: Thakur, Ajay K.
Subject: Re: SSO cookie expiration question

You may like to send emails to users_at_glassfish.dev.java.net as there are
many experts in the alias.
In your case, you may like to check the implementation of your custom
realm/login module.
Shing Wai Chan

On 6/7/11 8:04 AM, Thakur, Ajay K. wrote:
> Hi Chan,
>
> I was able to implement SSO functionality with Logout functionality. Once a user logs out from one application, he is logged out of all the applications. I used HttpSession.invalidate().
>
> However, the applications are not asking for user credentials after invalidating the session. I see in my debug code that "authenticateUser" from CustomLoginModule is called and the user is automatically authenticated.
>
> We have a requirement where users need to be prompted for credentials (username/password) and I am not able to figure out how to force GlassFish to do so. This is a very urgent requirement and is stopping our project from getting deployed.
>
> Your help in this regard is greatly, greatly appreciated.
>
> Thanks.
>
> :-) Ajay
>
> -----Original Message-----
> From: Shing Wai Chan [mailto:shing.wai.chan_at_oracle.com]
> Sent: Monday, June 06, 2011 8:57 AM
> To: Thakur, Ajay K.
> Cc: webtier_at_glassfish.dev.java.net
> Subject: Re: SSO cookie expiration question
>
> Are you looking at virtual server level SSO? GlassFish 3.1 already has that?
> http://blogs.oracle.com/jluehe/entry/virtual_hosting_features_in_glassfish
> http://weblogs.java.net/blog/swchan2/archive/2011/03/01/high-availability-single-sign-glassfish-31
>
> Shing Wai Chan