[JBoss JIRA] (WFLY-2704) FORM authentication credentials lost on failover

Friday, 3 January 2014

    [
https://issues.jboss.org/browse/WFLY-2704?page=com.atlassian.jira.plugin....
] 

Paul Ferraro commented on WFLY-2704:
------------------------------------

It seems like this is most easily addressed by allowing replication of the user principal
stored with the session.  Currently, Undertow's AuthenticatedSession is part of the
local context of a session and is not replicated.

...
 FORM authentication credentials lost on failover
 ------------------------------------------------

                 Key: WFLY-2704
                 URL: https://issues.jboss.org/browse/WFLY-2704
             Project: WildFly
          Issue Type: Bug
      Security Level: Public(Everyone can see) 
          Components: Clustering
    Affects Versions: 8.0.0.CR1
            Reporter: Paul Ferraro
            Assignee: Paul Ferraro
             Fix For: 8.0.0.Final

 Unlike BASIC, DIGEST, and CERT authentication, FORM authentication requires an additional
server side mechanism to store the credentials from the login form so that a user does not
need to reauthenticate on failover.
 Traditionally, clustered SSO was the mechanism of choice (see
https://issues.jboss.org/browse/JBAS-1900 )
 An analogous strategy is needed for Undertow. 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006