JBoss Enterprise Application Platform / JBEAP-22880

[GSS](7.4.z) SPNEGO authentication happens for every request


    • Bug
    • Resolution: Won't Do
    • Major
    • 7.1.6.GA
    • Security

      Remove <single-sign-on/> from the undertow subsystem.


      I have a couple of EAP instances where an application is protected by SPNEGO and <single-sign-on/> is enabled, and I have set up httpd as a proxy in front of the EAP instances.

      When accessing EAP #1 via httpd, SPNEGO authentication happens, and subsequent requests to EAP #1 via httpd do not require authentication (the cached-session mechanism works fine).

      Then, when accessing EAP #2 via httpd, SPNEGO authentication happens as well; then, unlike #1, every subsequent request to EAP #2 requires authentication (it seems the cached-session mechanism does not work).

      After swapping #1 and #2, re-authentication happens for every subsequent request to EAP #1; therefore, it is not caused by something wrong in the EAP #2 configuration (the configurations of both nodes are exactly the same except for the node names).

      I do not see the issue after removing <single-sign-on/> from the undertow subsystem on both nodes.
      Hence, the issue would be caused by a conflict between the single-sign-on feature in undertow and the local authentication of a single application.

              rhn-support-rmartinc Ricardo Martin Camarero
              rhn-support-hokuda Hisanobu Okuda