22.4.3. Limitations
There are a number of known limitations to this Tomcat valve-based SSO implementation:
- Only useful within a cluster of JBoss servers; SSO does not propagate to other resources.
- Requires use of container managed authentication (via <login-config> element in web.xml)
- Requires cookies. SSO is maintained via a cookie and URL rewriting is not supported.
- Unless requireReauthentication is set to true, all web applications configured for the same SSO valve must share the same JBoss Web Realm and JBoss Security security-domain. This means:
  - In server.xml you can nest the Realm element inside the Host element (or the surrounding Engine element), but not inside a context.xml packaged with one of the involved web applications.
  - The security-domain configured in jboss-web.xml or jboss-app.xml must be consistent for all of the web applications.
  - Even if you set requireReauthentication to true and use a different security-domain (or, less likely, a different Realm) for different webapps, the varying security integrations must all accept the same credentials (e.g. username and password).
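
A pre-deployment check for the login-config and security-domain limitations above, added here as an example and not taken from the Red Hat documentation. It assumes each application's web.xml and jboss-web.xml are available as text; the function names, application names and security-domain values are constructed for illustration, and jboss-app.xml is not inspected.

```python
import xml.etree.ElementTree as ET

def _find_text(xml_text, tag):
    """Return (found, text) for the first element named `tag`, ignoring XML namespaces."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == tag:
            return True, (el.text or "").strip()
    return False, ""

def check_sso_apps(apps, require_reauthentication=False):
    """apps maps app name -> (web.xml text, jboss-web.xml text). Returns a list of findings."""
    findings, domains = [], {}
    for name, (web_xml, jboss_web_xml) in sorted(apps.items()):
        # SSO needs container managed authentication, declared via <login-config>.
        has_login, _ = _find_text(web_xml, "login-config")
        if not has_login:
            findings.append(f"{name}: no <login-config> in web.xml")
        _, domain = _find_text(jboss_web_xml, "security-domain")
        domains.setdefault(domain or "(none)", []).append(name)
    # With requireReauthentication=true, differing domains are allowed, but every
    # domain must still accept the same credentials; that cannot be checked here.
    if len(domains) > 1 and not require_reauthentication:
        detail = "; ".join(f"{d}: {', '.join(a)}" for d, a in sorted(domains.items()))
        findings.append(f"security-domain differs across SSO apps ({detail})")
    return findings

# Constructed sample descriptors (not from the original page).
WEB_XML = ('<web-app xmlns="http://java.sun.com/xml/ns/javaee">'
           "<login-config><auth-method>FORM</auth-method></login-config></web-app>")
CORP = "<jboss-web><security-domain>java:/jaas/corp</security-domain></jboss-web>"
ADMIN = "<jboss-web><security-domain>java:/jaas/admin</security-domain></jboss-web>"
SAMPLE_APPS = {
    "shop.war": (WEB_XML, CORP),
    "admin.war": (WEB_XML, ADMIN),
    "help.war": ("<web-app/>", CORP),
}

if __name__ == "__main__":
    for finding in check_sso_apps(SAMPLE_APPS):
        print(finding)
```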