kairosci commented on PR #890: URL: https://github.com/apache/tomcat/pull/890#issuecomment-3262594771
Client certificate authentication is currently enforced by Tomcat at the virtual host level rather than per resource. Because of this restriction, the SSLAuthenticator usually applies consistently to every request made by the host. Administrators may, however, set up several authenticators (such as FORM and SSLAuthenticator) on various virtual hosts or during transitional stages in certain deployments. The `allowSsoReauthentication` flag provides flexibility in such hybrid setups, allowing re-authentication from an existing SSO session when appropriate. This modification foresees future extensibility or custom implementations where finer control may be introduced, even though the current architecture does not support per-resource granularity. Additionally, it makes the behavior more transparent and configurable by helping to isolate and clarify the logic surrounding SSO re-authentication.
