[jboss-jira] [JBoss JIRA] (WFLY-2704) FORM authentication credentials lost on failover
Paul Ferraro (JIRA)
issues at jboss.org
Fri Jan 3 18:02:33 EST 2014
[ https://issues.jboss.org/browse/WFLY-2704?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12933676#comment-12933676 ]
Paul Ferraro commented on WFLY-2704:
------------------------------------
It seems like this is most easily addressed by allowing replication of the user principal stored with the session. Currently, Undertow's AuthenticatedSession is part of the local context of a session and is not replicated.
> FORM authentication credentials lost on failover
> ------------------------------------------------
>
> Key: WFLY-2704
> URL: https://issues.jboss.org/browse/WFLY-2704
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Clustering
> Affects Versions: 8.0.0.CR1
> Reporter: Paul Ferraro
> Assignee: Paul Ferraro
> Fix For: 8.0.0.Final
>
>
> Unlike BASIC, DIGEST, and CERT authentication, FORM authentication requires an additional server side mechanism to store the credentials from the login form so that a user does not need to reauthenticate on failover.
> Traditionally, clustered SSO was the mechanism of choice (see https://issues.jboss.org/browse/JBAS-1900 )
> An analogous strategy is needed for Undertow.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list