Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-4473

Active Users Are Logged Out with Clustered SSO

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 4.2.0.GA_CP09, 4.3.0.GA_CP08
    • Fix Version/s: 4.3.0.GA_CP09
    • Component/s: Clustering
    • Labels:
      None
    • Affects:
      Release Notes
    • Release Notes Text:
      Hide
      Single Sign On (SSO) is a specialized form of user authentication that enables a user to be authenticated once, and gain
      access to resources on multiple systems/web applications during that session.

      Clustered SSO was not considering the Tomcat or JBoss Web host or context when counting SSO sessions.
      If a user was actively using multiple web applications with the same SSO session ID, the user could be logged
      out unexpectedly because the host or context of the application was excluded from the Clustered SSO session count.
      Clustered SSO interaction has been refactored with JBoss Cache (JBC) into a pluggable component that includes Tomcat
      and JBoss Web host and context. The refactored SSO corrects the problem with host and context issues.
      Show
      Single Sign On (SSO) is a specialized form of user authentication that enables a user to be authenticated once, and gain access to resources on multiple systems/web applications during that session. Clustered SSO was not considering the Tomcat or JBoss Web host or context when counting SSO sessions. If a user was actively using multiple web applications with the same SSO session ID, the user could be logged out unexpectedly because the host or context of the application was excluded from the Clustered SSO session count. Clustered SSO interaction has been refactored with JBoss Cache (JBC) into a pluggable component that includes Tomcat and JBoss Web host and context. The refactored SSO corrects the problem with host and context issues.
    • Release Notes Docs Status:
      Documented as Resolved Issue

      Description

      Since clustered SSO doesn't consider Tomcat/JBossWeb host and/or context when counting SSO sessions, active users of different web applications with the same session ID can be unexpectedly logged out .

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  jaredmorgs Jared Morgan
                  Reporter:
                  jiwils Jimmy Wilson
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: