
FISH-6047: Fix Single Sign On handling for Jaspic applications, Single Sign Off for all SSO-enabled apps #6053

Merged: 1 commit, Nov 21, 2022

Conversation

pdudits (Contributor) commented Nov 16, 2022

Description

Fixes #5551. The session that establishes the SSO ID is now added to the SSO tracking object.

Upon logout, the session is now explicitly invalidated before a new SSO ID is generated.

An empty realm is now handled the same as a null realm. Therefore, to enable SSO between Jaspic or Jakarta EE Security applications, the following must be present in web.xml:

<login-config>
  <realm-name>anything</realm-name>
</login-config>

This doesn't need to refer to any existing realm name; it's a means for applications to opt in to the SSO feature. Otherwise, any two applications would be treated as SSO-enabled, regardless of their identity store or even their authentication mechanism.

Testing

Testing Performed

Test project per our internal JIRA now behaves as expected (after making the change to web.xml).

Testing Environment

Apache Maven 3.8.6 (84538c9988a25aec085021c365c560670ad80f63)
Maven home: C:\ProgramData\chocolatey\lib\maven\apache-maven-3.8.6
Java version: 11.0.12, vendor: Azul Systems, Inc., runtime: C:\Program Files\Zulu\zulu-11
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
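The opt-in rule above ("empty realm is handled the same as null") is easy to get wrong when auditing a server with many deployed applications. The following is an added example, not Payara code and not part of this PR: a small Python audit that parses web.xml descriptors and reports which applications would take part in container SSO under that rule, treating an absent, empty or whitespace-only <realm-name> as "not opted in". The descriptor namespaces are the standard Java EE / Jakarta EE ones; the application names and descriptor contents are constructed sample input.

```python
"""Audit web.xml descriptors for the SSO opt-in described in FISH-6047.

Added example (not Payara code). Rule applied: an application takes part in
container SSO only when web.xml carries <login-config><realm-name> with a
non-blank value; an absent, empty or whitespace-only realm-name is treated
exactly like no realm at all.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional


def _local(tag: str) -> str:
    """Strip an XML namespace prefix: '{ns}login-config' -> 'login-config'."""
    return tag.rsplit("}", 1)[-1]


def sso_realm(web_xml: str) -> Optional[str]:
    """Return the effective realm name, or None when the app does not opt in.

    Namespace-agnostic so it works for java.sun.com, xmlns.jcp.org and
    jakarta.ee descriptors alike. Only the first <login-config> is honoured,
    matching the fact that the descriptor allows at most one.
    """
    root = ET.fromstring(web_xml)
    for elem in root.iter():
        if _local(elem.tag) != "login-config":
            continue
        for child in elem:
            if _local(child.tag) == "realm-name":
                # Empty and whitespace-only values collapse to None (the PR's rule).
                text = (child.text or "").strip()
                return text or None
        return None  # login-config present but no realm-name
    return None  # no login-config at all


def sso_participation(descriptors: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map application name -> effective realm (None = not SSO-enabled)."""
    return {app: sso_realm(xml) for app, xml in descriptors.items()}


def sso_enabled_apps(descriptors: Dict[str, str]) -> List[str]:
    """Names of the applications that opted in, in deployment order."""
    return [app for app, realm in sso_participation(descriptors).items() if realm]


# Constructed sample descriptors (not taken from any real deployment).
SAMPLE_DESCRIPTORS = {
    # Jaspic / Jakarta Security app that opts in exactly as the PR describes.
    "jaspic-app": """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="5.0">
  <login-config>
    <realm-name>anything</realm-name>
  </login-config>
</web-app>""",
    # Classic BASIC-auth app against a named realm (Java EE 8 namespace).
    "basic-app": """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
  </login-config>
</web-app>""",
    # Empty realm-name: treated as null after this PR, so NOT SSO-enabled.
    "empty-realm-app": """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <login-config><realm-name></realm-name></login-config>
</web-app>""",
    # Whitespace-only realm-name: same outcome as empty.
    "blank-realm-app": """<web-app>
  <login-config><realm-name>   </realm-name></login-config>
</web-app>""",
    # No login-config at all: never part of SSO.
    "plain-app": """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"><display-name>x</display-name></web-app>""",
}


if __name__ == "__main__":
    for app, realm in sso_participation(SAMPLE_DESCRIPTORS).items():
        status = f"SSO-enabled (realm '{realm}')" if realm else "not SSO-enabled"
        print(f"{app:18s} {status}")
```

Running the script lists only jaspic-app and basic-app as SSO-enabled; the empty, blank and missing realm-name cases all fall through to "not SSO-enabled", which is the behaviour this PR introduces for Jaspic applications that did not explicitly opt in. Whether two opted-in applications actually share a session additionally depends on server-side SSO configuration, which this audit does not model.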

…equire realm name to be set

Explicitly associate first session with object, do not rely on that being a side effect of creating session
at just the right time.

Do not enable SSO when realm name is empty such as with JASPIC applications, as
that would enable it between any two applications even if their means of authentication
are incompatible
pdudits (Contributor, Author) commented Nov 16, 2022

Jenkins test please

Successfully merging this pull request may close these issues.

SSO not executing single logout properly /FISH-6047