webtier@glassfish.java.net

SSO cookie expiration question

From: Thakur, Ajay K. <thakur1_at_llnl.gov>
Date: Mon, 6 Jun 2011 08:10:23 -0700

Hi There,

I am trying to implement SSO using GlassFish and have been able to implement it halfway.

When I first try to access the first application, the login popup does come up, and for the second application, as the cookie is already set, it does not come up.
Things are fine. Now my questions are:


1. My cookie is never expiring, even after I have set the session timeout value in the default-web.xml file to 1 minute.
What do I need to do extra to make the session time out, so that when the user tries to access a protected resource (any application) they are given a login screen?

2. How can I log out the user (invalidate the cookie) from all the applications if the user clicks logout from one application?

I am using GlassFish 3.1.

My sun-web.xml file looks like this, and my XML files are attached:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
  <context-root>/SSOTest2</context-root>
  <class-loader delegate="true"/>
  <security-role-mapping>
    <role-name>User</role-name>
    <group-name>User</group-name>
  </security-role-mapping>
</sun-web-app>