Elytron/Wildfly SSO Behavior (26.1.2)

[sand...@gmail.com]

Hello Team,

I have implemented the wildfly(26.1.2) SSO using Elytron but seeing a strange behavior, not sure it it is expected or an issue.

Suppose I have multiple application and all the applications are deployed on same wildfly application server. The SSO is working fine i.e. After login to one application, other applications are not asking for credentials. Perfect. The problem is when I am deploying each  application on different wildfly servers but on same host say as below.

Application-1 http://us-w19-dq-ipl08:8380/abc

Application-2 http://us-w19-dq-ipl08:8080/xyz

Now when I login to one application, the other application is automatically getting logged out. Means If I first login to Application-1 and then login to application-2, I will automatically logged out from application-1. 

Is there anyway that I can make these applications works independently without impacting the other application as they are running on different wildfly servers (but yes on same host). I do not want to disable SSO as my each application is having many login screen and without sso, navigation to those screen will redirect to login screen again and again.

Thanks,

Sandip  

[Diana Krepinska]

Hello, check the docs https://docs.wildfly.org/26/WildFly_Elytron_Security.html#Web_Single_Sign_On to see if you have a configuration issue. You can then create  a WFLY jira issue with steps to reproduce.

[Paul Ferraro]

When running multiple servers, whether on different hosts or the same host, you need to start WildFly using either the ha or full-ha profile.  This ensures that SSO identities are replicated between JVMs.

The relevant configuration is found in the distributable-web subsystem, which configures single sign-on management, either globally, or per application security domain.