Other |
---|
1.4.2_05 05Fixed |
Duplicate :
|
|
Relates :
|
|
Relates :
|
|
Relates :
|
Initial problem: When server is configured as NCSA basic authentication, and when user accesses to the server with IE, it pops up a login dialog, after user provides the right login credentials, the response page is sent back to browser. If the response page contains a java applet tag with codebase pointing to an archive file on the the same server, jre 1.4.x will popup another login dialog, user has to provide username/password again to dismiss it. Sun's workaround: Sun suggests to check the remember the username/password check box in the first NCSA authentication dialog to avoid the second JVM dialog. It works but we have security concerns: The NCSA basic authentication is required by our single sign on feature, which is applicatable to customer facing application. User can access the application from any machine and if the remember username/password is checked, then anyone who accesses that machine can also access the saved user account for that application. This is definitely not an accessible behavior. We would like to have a complete solution to this problem.
|