Show Table of Contents
19.2. SSO behavior
The user will not be challenged as long as they access only unprotected resources in any of the web applications on the virtual host.
Upon access to a protected resource in any web app, the user will be challenged to authenticate, using the log in method defined for the web app.
Once authenticated, the roles associated with this user will be utilized for access control decisions across all of the associated web applications, without challenging the user to authenticate themselves to each application individually.
If the web application invalidates a session (by invoking the
javax.servlet.http.HttpSession.invalidate() method), the user's sessions in all web applications will be invalidated.
A session timeout does not invalidate the SSO if other sessions are still valid.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.