FISH-6047: Fix Single Sign On handling for Jaspic applications, Single Sign Off for all SSO-enabled apps #6053
Description
Fixes #5551. The session that establishes SSO ID is now added into SSO tracking object.
Upon logout, the session is now explicitly invalidated before new SSO ID is generated.
Empty realm is now handled the same as null realm. Therefore, to enable SSO between Jaspic, or Jakarta EE Security, the following must be present in web.xml:
This doesn't need to refer to any existing realm name, it's a means to enable applications to opt in to the SSO feature. Otherwise any two applications would be treated as SSO ones, regardless of their identity store or even authentication mechanism.
Testing
Testing Performed
Test project per our internal JIRA now behaves as expected (after making the change to web.xml).
Testing Environment