[Bug 57753] New: Single sign on returns null for getRemoteUser when accessing insecure page

bugzilla Tue, 24 Mar 2015 21:06:00 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=57753


            Bug ID: 57753
           Summary: Single sign on returns null for getRemoteUser when
                    accessing insecure page
           Product: Tomcat 8
           Version: 8.0.20
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: kenneth.gend...@gmail.com

When using the SingleSignOn valve, any call to getRemoteUser() on the HTTP
request will return null when accessing an insecure page (in other words, a
page not configured in the security section of the web.xml).

If the valve is not used, a call to getRemoteUser() will return the currently
logged in user regardless if accessing an secured page or not.

Not sure whether this is a bug or by design.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57753] New: Single sign on returns null for getRemoteUser when accessing insecure page

Reply via email to