Programmatic web authentication (HttpServletRequest.login()) does not trigger SSO when using Elytron

Solution Unverified

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 7.1
    • 7.2
    • 7.3
  • Elytron

Issue

  • Programmatic web authentication HttpServletRequest.login() does not trigger SSO when using Elytron
  • JSESSIONIDSSO does not get created

Resolution

This issue is being tracked on JBEAP-20627. A resolution is expected in JBoss EAP 7.3 update 6.

Root Cause

JBEAP-20627

Diagnostic Steps

Programmatic login does not create JSESSIONIDSSO:

    HTTP/1.1 302 Found
    Connection: keep-alive
    Location: http://localhost:8080/login-test/restricted
    Content-Length: 0
    Date: Wed, 02 Dec 2020 16:29:23 GMT 

While posting to j_security_check successfully creates JSESSIONIDSSO:

    HTTP/1.1 302 Found
    Expires: 0
    Connection: keep-alive
    Cache-Control: no-cache, no-store, must-revalidate
    Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost
    Pragma: no-cache
    Location: http://localhost:8080/login-test/restricted
    Content-Length: 0
    Date: Wed, 02 Dec 2020 16:25:10 GMT
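
The comparison above can be scripted. The following is an added example, not code from Red Hat or from the original article: it parses the two captured response heads shown above and reports whether only the `j_security_check` path issued `JSESSIONIDSSO`. The function names and verdict strings are this example's own.

```python
SSO_COOKIE = "JSESSIONIDSSO"

# Response heads copied from the Diagnostic Steps above.
PROGRAMMATIC_LOGIN = """\
HTTP/1.1 302 Found
Connection: keep-alive
Location: http://localhost:8080/login-test/restricted
Content-Length: 0
Date: Wed, 02 Dec 2020 16:29:23 GMT
"""
FORM_LOGIN = """\
HTTP/1.1 302 Found
Expires: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost
Pragma: no-cache
Location: http://localhost:8080/login-test/restricted
Content-Length: 0
Date: Wed, 02 Dec 2020 16:25:10 GMT
"""


def set_cookies(raw_head):
    """Map cookie name -> value for every Set-Cookie header in a raw response head."""
    cookies = {}
    for line in raw_head.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":  # header names are case-insensitive
            key, _, val = value.split(";", 1)[0].strip().partition("=")
            cookies[key] = val
    return cookies


def sso_cookie_issued(raw_head):
    return SSO_COOKIE in set_cookies(raw_head)


def diagnose(programmatic_head, form_head):
    """Compare the two login paths (the verdict strings are this example's own)."""
    programmatic, form = sso_cookie_issued(programmatic_head), sso_cookie_issued(form_head)
    if form and not programmatic:
        return "affected: only j_security_check issues the SSO cookie"
    if form and programmatic:
        return "not affected: both login paths issue the SSO cookie"
    return "inconclusive: form login issued no SSO cookie, check that SSO is enabled"
```

Calling `diagnose(PROGRAMMATIC_LOGIN, FORM_LOGIN)` on the captures from this article returns the "affected" verdict; after applying a fix, re-capture both responses and run it again.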
