https://bz.apache.org/bugzilla/show_bug.cgi?id=57753
--- Comment #2 from Kenneth Gendron <kenneth.gend...@gmail.com> ---
Even more investigation. This only occurs when setting requireReauthentication to true. In the SingleSignOn implementation it explicitly does not set the user principal if requireReauthentication is set, but instead delegates this to the realm downstream; however, since the downstream realm knows that the page requested is insecure, it does not perform reauthentication.

The only way I can think of to correct this would be to invoke the SingleSignOn again after the realm is completed, but I think that is too cumbersome. Sorry, you can close it.