[undertow-dev] single-sign-on and reauthenticate=false

Hi, I see in a commit message from February "Drop superfluous re-authenticate attribute of <single-sign-on/>." Looks like re-authenticate=true is still the default behaviour? In previous JBoss versions it was possible to use re-authenticate=false to do single-sign-on for two web applications in different security domains without the need to reauthenticate. What is the proper way to do that now? Should we configure an identity provider? Regards, Mattias