Skip to main content

RE: SSO cookie expiration question

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
2 replies [Last post]
Thakur, Ajay K....
Offline
Joined: 2011-06-07

Thanks for the response

I am attaching here with my realm and login module code

:-) Ajay

-----Original Message-----
From: Shing Wai Chan [mailto:shing.wai.chan...]
Sent: Tuesday, June 07, 2011 9:09 AM
To: Thakur, Ajay K.
Subject: Re: SSO cookie expiration question

You may like to send emails to users@glassfish.dev.java.net as there are
many experts in the alias.
In your case, you may like to check the implementation of your custom
realm/login module.
Shing Wai Chan

On 6/7/11 8:04 AM, Thakur, Ajay K. wrote:
> Hi Chan,
>
> I was able to implement SSO functionality with Logout functionality. Once user logout from one application, he is logged out of all the applications. I used HTTPSession.invalidate().
>
> However the applications are not asking for user credentials after invalidating session. I see in my debug code that "authenticateUser" from CustomLoginModule is called and user is automatically authenticated.
>
> We have a requirement where user's need to be prompted for credentials (username/password) and I am not able to figure out how to force Glassfish to do so. This is a very urgent requirement and is stopping our project to get deployed.
>
> Your help in this regards is greatly greatly appreciated.
>
> Thanks.
>
> :-) Ajay
>
> -----Original Message-----
> From: Shing Wai Chan [mailto:shing.wai.chan...]
> Sent: Monday, June 06, 2011 8:57 AM
> To: Thakur, Ajay K.
> Cc: webtier@glassfish.dev.java.net
> Subject: Re: SSO cookie expiration question
>
> Are you looking at virtual server level SSO? GlassFish 3.1 already has that?
> http://blogs.oracle.com/jluehe/entry/virtual_hosting_features_in_glassfish
> http://weblogs.java.net/blog/swchan2/archive/2011/03/01/high-availabilit...
>
> Shing Wai Chan

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Kumar Jayanti Guest
Offline
Joined: 2011-04-02

>> However the applications are not asking for user credentials after invalidating session. I see in my debug code that "authenticateUser" from CustomLoginModule is called and user is automatically authenticated.

You mentioned the above ?. Did you try clearing all cookies in your browser before trying it out. Are you setting any cookies ?.

On 07-Jun-2011, at 10:33 PM, Thakur, Ajay K. wrote:

> Thanks for the response
>
> I am attaching here with my realm and login module code
>
>
> :-) Ajay
>
> -----Original Message-----
> From: Shing Wai Chan [mailto:shing.wai.chan...]
> Sent: Tuesday, June 07, 2011 9:09 AM
> To: Thakur, Ajay K.
> Subject: Re: SSO cookie expiration question
>
> You may like to send emails to users@glassfish.dev.java.net as there are
> many experts in the alias.
> In your case, you may like to check the implementation of your custom
> realm/login module.
> Shing Wai Chan
>
> On 6/7/11 8:04 AM, Thakur, Ajay K. wrote:
>> Hi Chan,
>>
>> I was able to implement SSO functionality with Logout functionality. Once user logout from one application, he is logged out of all the applications. I used HTTPSession.invalidate().
>>
>> However the applications are not asking for user credentials after invalidating session. I see in my debug code that "authenticateUser" from CustomLoginModule is called and user is automatically authenticated.
>>
>> We have a requirement where user's need to be prompted for credentials (username/password) and I am not able to figure out how to force Glassfish to do so. This is a very urgent requirement and is stopping our project to get deployed.
>>
>> Your help in this regards is greatly greatly appreciated.
>>
>> Thanks.
>>
>> :-) Ajay
>>
>> -----Original Message-----
>> From: Shing Wai Chan [mailto:shing.wai.chan...]
>> Sent: Monday, June 06, 2011 8:57 AM
>> To: Thakur, Ajay K.
>> Cc: webtier@glassfish.dev.java.net
>> Subject: Re: SSO cookie expiration question
>>
>> Are you looking at virtual server level SSO? GlassFish 3.1 already has that?
>> http://blogs.oracle.com/jluehe/entry/virtual_hosting_features_in_glassfish
>> http://weblogs.java.net/blog/swchan2/archive/2011/03/01/high-availabilit...
>>
>> Shing Wai Chan
>
>

thakur1
Offline
Joined: 2011-06-08

Ya I did clear the cookie before I start the application, but after logout (session invalidate call) the session is invalidated for all the applications but cookie JSESSIONID and/or JSESSIONIDSSO is not getting removed or expired (I guess). I am not able to force or indicate to SSO to throw the popup for user after he is logged out of one application. :-) Ajay