Skip to Content.
Sympa Menu

shibboleth-dev - Re: Continuing the cookie discussion...

Subject: Shibboleth Developers

List archive

Re: Continuing the cookie discussion...


Chronological Thread 
  • From: Walter Hoehn <>
  • To: "Howard Gilbert" <>
  • Cc: <>
  • Subject: Re: Continuing the cookie discussion...
  • Date: Wed, 15 Dec 2004 15:47:21 -0600

Can't we just do some JNDI magic to allow the session data to span these contexts without re-directs?

-Walter


On Dec 13, 2004, at 6:40 PM, Howard Gilbert wrote:
So now consider a logical application split into http://dummy.yale.edu/part1
and http://dummy.yale.edu/part2. Part 1 is the main entry point written by
one group to perform the main control functions, and part2 is a secondary
war file packaged by a second group to perform supplementary functions. So
the user comes into Part1 and logs on. In fact, there is a RequestMap
definition for host, port, and directory mapped to applicationID=xxx
requiring authentication. Some URL, however, directs the user from Part1 to
Part2, maybe to pick up a JPG file. This is a separate context, separate
instance of the Filter, separate HttpSession object, and probably separate
cookie scope (because we don't want to confuse
http://dummy.yale.edu/completelydifferentapplication). Since the Filter
(Resource Manager) has no history for this user, he thinks he has to logon
again. If the WAYF has a cookie, then it is certainly true we could Redirect
to the WAYF, AA, Post back to the SHIRE, and then come back to Part2. Or, we
could redirect to http://dummy.yale.edu/shibboleth/something and let it
decide if there is already a ShibSession (for Part1) that is scoped to be
useable (say by being mapped by the RequestMap to the same applicationID) to
Part2. If so, then we go back to Part2 immediately and it can pick up the
attributes just as if there had been a new Shire POST.

Attachment: smime.p7s
Description: S/MIME cryptographic signature




Archive powered by MHonArc 2.6.16.

Top of Page