users@glassfish.java.net

Re: SSO cookie expiration question

From: Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Wed, 8 Jun 2011 15:45:24 +0530

>> However the applications are not asking for user credentials after invalidating session. I see in my debug code that "authenticateUser" from CustomLoginModule is called and user is automatically authenticated.

You mentioned the above ?. Did you try clearing all cookies in your browser before trying it out. Are you setting any cookies ?.


On 07-Jun-2011, at 10:33 PM, Thakur, Ajay K. wrote:

> Thanks for the response
>
> I am attaching here with my realm and login module code
>
>
> :-) Ajay
>
> -----Original Message-----
> From: Shing Wai Chan [mailto:shing.wai.chan_at_oracle.com]
> Sent: Tuesday, June 07, 2011 9:09 AM
> To: Thakur, Ajay K.
> Subject: Re: SSO cookie expiration question
>
> You may like to send emails to users_at_glassfish.dev.java.net as there are
> many experts in the alias.
> In your case, you may like to check the implementation of your custom
> realm/login module.
> Shing Wai Chan
>
> On 6/7/11 8:04 AM, Thakur, Ajay K. wrote:
>> Hi Chan,
>>
>> I was able to implement SSO functionality with Logout functionality. Once user logout from one application, he is logged out of all the applications. I used HTTPSession.invalidate().
>>
>> However the applications are not asking for user credentials after invalidating session. I see in my debug code that "authenticateUser" from CustomLoginModule is called and user is automatically authenticated.
>>
>> We have a requirement where user's need to be prompted for credentials (username/password) and I am not able to figure out how to force Glassfish to do so. This is a very urgent requirement and is stopping our project to get deployed.
>>
>> Your help in this regards is greatly greatly appreciated.
>>
>> Thanks.
>>
>> :-) Ajay
>>
>> -----Original Message-----
>> From: Shing Wai Chan [mailto:shing.wai.chan_at_oracle.com]
>> Sent: Monday, June 06, 2011 8:57 AM
>> To: Thakur, Ajay K.
>> Cc: webtier_at_glassfish.dev.java.net
>> Subject: Re: SSO cookie expiration question
>>
>> Are you looking at virtual server level SSO? GlassFish 3.1 already has that?
>> http://blogs.oracle.com/jluehe/entry/virtual_hosting_features_in_glassfish
>> http://weblogs.java.net/blog/swchan2/archive/2011/03/01/high-availability-single-sign-glassfish-31
>>
>> Shing Wai Chan
>
> <FSCustomRealm.java><FSLoginModule.java>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.