1 Reply Latest reply on May 2, 2011 3:56 PM by gimbal2

    Enabling Cross-Domain trust between web modules

      I'm using WebLogic 10.0.
      My application has a few domains, each of them containing web modules (WARs).
      Currently, I use basic authentication as an authentication method.
      Once a user successfully logged in to one of the domains, he can go on to another domain without having to do basic auth again.
      I thought that this behavior is caused by a trust between the domains, but after checking it out, I found that there's no trust configured.

      Anyway, I need to "upgrade" my auth method to form-based authentication.
      I changed all the web.xml descriptors and wrote the forms for the authentication, and they all work.

      The problem is that now every time I want to navigate to a page located in a different web module, I need to pass form auth again,
      unlike previously with the basic auth.

      Does anyone have a clue why that happens and how I can work this around?

      Thanks in advance,
        • 1. Re: Enabling Cross-Domain trust between web modules
          Form auth will be bound to the user's session (as apposed to basic authentication, which is cached by the browser). The two contexts will have different sessions, so yes you would need to authenticate in both.

          You could try researching session sharing, but I would in stead look into single sign-on (SSO) strategies as that is basically what you want; a single authentication for multiple (web) applications.