[
https://issues.apache.org/jira/browse/OFBIZ-10047?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16294083#comment-16294083 ]
Jacques Le Roux commented on OFBIZ-10047:
-----------------------------------------
Thanks James,
Just a question why did you comment?
bq. // no need to mutate as password is stored in clear.
Where do you mean "password is stored in clear."?
Else about tomcat SSO session timeout I finally think it's not an issue. Because, even if the SSO session timeout is infinite, anyway you still need to sign in one of the web app to be allowed to get to another web app w/o sign in, thanks to SSO. It's not the same thing than centralised SLO (Single Logout) where you have to logout from a centralised server to logout from all decentralised applications. In OFBiz if you logout from a web app your are logged out from all applications. Sometimes (actually more than sometimes) monolithic applications are convenient ;)
For me this is ready to be committer, thanks for your work!
> Tomcat SSO
> ----------
>
> Key: OFBIZ-10047
> URL:
https://issues.apache.org/jira/browse/OFBIZ-10047> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: James Yong
> Assignee: James Yong
> Priority: Minor
> Attachments: OFBIZ-10047.patch, OFBIZ-10047.patch, OFBIZ-10047.patch, OFBIZ-10047.patch
>
>
> Proposing Tomcat SSO to be used in OFBiz to improve on Single-Sign-On.
> This aim to fix the issues mentioned in OFBIZ-6963, OFBIZ-6994.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
Locked
