[jboss-user] [Security & JAAS/JBoss] - Caching name and passwordcallbackhandler

kristof.devos do-not-reply at jboss.com
Thu Dec 27 08:35:05 EST 2007


Hi

I have 2 applications running on 1 server instance. Both have a different loginmodule and have a different security domain.

The first application is a management application and allows administrators to login on the 2nd application as different users. For this I've setup an SSO solution --> SAML ticket and username are sent loginmodule of the  2nd application using the standard form authentication (auto submit), but in the 2nd loginmodule when I use the name and passwordcallbackhandlers they return me username and password of my first application and not the username and samlticket. So callbacks still cache previous values.

Putting the DefaultCacheTimeout = 0 is not an option as it affects our performance.

Is there any way to make sure the callbacks are not cached?

thx

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4115696#4115696

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4115696



More information about the jboss-user mailing list