This is discussion that is more appropriate for wildfly-dev mailing list. (cced now)



On Tue, Sep 23, 2014 at 5:29 PM, Mattias Nilsson Grip <mattias.nilsson.grip@redpill-linpro.com> wrote:
Hi,

I see in a commit message from February "Drop superfluous re-authenticate attribute of <single-sign-on/>."

Looks like re-authenticate=true is still the default behaviour? In previous JBoss versions it was possible to use re-authenticate=false to do single-sign-on for two web applications in different security domains without the need to reauthenticate. What is the proper way to do that now? Should we configure an identity provider?

Regards,
Mattias
_______________________________________________
undertow-dev mailing list
undertow-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev