Hi, I see in a commit message from February "Drop superfluous re-authenticate attribute of <single-sign-on/>." Looks like re-authenticate=true is still the default behaviour? In previous JBoss versions it was possible to use re-authenticate=false to do single-sign-on for two web applications in different security domains without the need to reauthenticate. What is the proper way to do that now? Should we configure an identity provider? Regards, Mattias _______________________________________________ undertow-dev mailing list undertow-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/undertow-dev