Programmatic web authentication (HttpServletRequest.login()) does not trigger SSO when using Elytron
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
  - 7.1
  - 7.2
  - 7.3
- Elytron
Issue
- Programmatic web authentication (HttpServletRequest.login()) does not trigger SSO when using Elytron
- JSESSIONIDSSO does not get created
Resolution
This issue is being tracked on JBEAP-20627. A resolution is expected in JBoss EAP 7.3 update 6.
Root Cause
Diagnostic Steps
Programmatic login does not create JSESSIONIDSSO:
HTTP/1.1 302 Found
Connection: keep-alive
Location: http://localhost:8080/login-test/restricted
Content-Length: 0
Date: Wed, 02 Dec 2020 16:29:23 GMT
While posting to j_security_check successfully creates JSESSIONIDSSO:
HTTP/1.1 302 Found
Expires: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost
Pragma: no-cache
Location: http://localhost:8080/login-test/restricted
Content-Length: 0
Date: Wed, 02 Dec 2020 16:25:10 GMT
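The comparison above can be automated when re-testing after an update. The following is an added example, not part of the original article or of JBoss EAP: it parses the two header dumps shown above and reports whether each login response set JSESSIONIDSSO. The function names (parse_response, sso_cookie, diagnose) are this example's own.

```python
from http.cookies import SimpleCookie
# Response headers copied from the Diagnostic Steps on this page.
PROGRAMMATIC_LOGIN = """HTTP/1.1 302 Found
Connection: keep-alive
Location: http://localhost:8080/login-test/restricted
Content-Length: 0
Date: Wed, 02 Dec 2020 16:29:23 GMT
"""
FORM_LOGIN = """HTTP/1.1 302 Found
Expires: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: JSESSIONIDSSO=SEJgRMi0tnzH5DM2a2ksKSgdlFaJAbW6o5VdRYle; path=/; domain=localhost
Pragma: no-cache
Location: http://localhost:8080/login-test/restricted
Content-Length: 0
Date: Wed, 02 Dec 2020 16:25:10 GMT
"""

def parse_response(raw):
    """Split a raw header dump into (status code, [(lower-cased name, value)])."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def sso_cookie(headers, name="JSESSIONIDSSO"):
    """Return the Morsel for the SSO cookie, checking every Set-Cookie header."""
    for key, value in headers:
        if key == "set-cookie" and name in (jar := SimpleCookie(value)):
            return jar[name]
    return None

def diagnose(raw):
    """Summarise one login response: redirect target and whether SSO was started."""
    status, headers = parse_response(raw)
    cookie = sso_cookie(headers)
    return {"status": status, "location": dict(headers).get("location"),
            "sso_cookie_set": cookie is not None,
            "cookie_path": cookie["path"] if cookie else None,
            "cookie_domain": cookie["domain"] if cookie else None}

if __name__ == "__main__":
    for label, raw in (("request.login()", PROGRAMMATIC_LOGIN), ("j_security_check", FORM_LOGIN)):
        print(label, diagnose(raw))
```

Both responses redirect to the same restricted URL with the same status, so the presence of the JSESSIONIDSSO Set-Cookie header is the only signal that distinguishes the two login paths.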