Dave seenam [
https://community.jboss.org/people/davisonri_k12] created the discussion
"Single sign on issue on session Expiration Jboss 7"
To view the discussion, visit:
https://community.jboss.org/message/789632#789632
--------------------------------------------------------------
I have several applications deployed on the same jboss instance. I currently have Single
Sign On configured using the <sso/> tag. It is possible for a user to navigate from
one application to another app (redirect) deployed on the same jboss instance. Currently
when the user is authenticated into the first appplication, the SSO cookie is created and
a Single sign on entry is created for this cookie in the SingleSignOn valve which works
fine. Each application has a timeout period of 60 mins configured via the web.xml. When
the user navigates to the second application the user principal is correctly propogated
and a new session is created. However an new SSO entry for the second app is not created
since the cookie remains the same.
Now the issue is that lets say the session for the first application expires, even if the
second app's session is still active because the user is accessing the 2nd app, the
Single Sign On entry is deleted. Therefore the principal is lost on subsequent requests
for the second application. Because the Single Sign entry that is removed also gets rid of
the principal. Is there a way to get around this issue?
--------------------------------------------------------------
Reply to this message by going to Community
[
https://community.jboss.org/message/789632#789632]
Start a new discussion in JBoss AS 7 Development at Community
[
https://community.jboss.org/choose-container!input.jspa?contentType=1&...]