Things you should be aware of when using the ssoX509SecurityContextPersistenceFilter and the ssoX509AuthenticationProcessingFilter:
- These filters are designed to work with either Touchstone authentication or X509 Application Certificate authentication.
- Touchstone authentication always takes precedence over X509 Application Certificate authentication.
- For each HTTP request based on X509 Application Certificate authentication, a new Spring Security context is created when the request is received and destroyed when the request is completed.
- For each HTTP request based on Touchstone authentication:
  - A check is made to see if a prior HTTP request has been processed.
  - If there has been no prior request, then a new security context is created and will be saved when the request is completed.
  - If there has been a prior request, then the existing security context is retrieved and a check is made to verify that the security context principal is identical to the Touchstone remote user.
    - If the security context principal is different from the Touchstone remote user, then the existing security context is ignored, and a new security context is created and then destroyed when the request is completed.
    - If the security context principal is identical to the Touchstone remote user, then the existing security context is used and updated when the request is completed.
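
The rules above, modeled as a small decision function. This is an added illustration, not the filters' source code: the class, enum and method names are hypothetical, and a map keyed by session id stands in for wherever the real filters save the security context between requests.

```java
import java.util.HashMap;
import java.util.Map;

/** Added illustration only: models the rules listed above; not the filters' source. */
public class SecurityContextDecisionDemo {

    enum Outcome { NEW_DESTROYED_AFTER_REQUEST, NEW_SAVED_AFTER_REQUEST, EXISTING_REUSED_AND_UPDATED }

    // Hypothetical stand-in for saved contexts: session id -> principal of the saved context.
    private final Map<String, String> savedPrincipal = new HashMap<>();

    /** touchstoneUser / certSubject are null when that credential is absent from the request. */
    Outcome handle(String sessionId, String touchstoneUser, String certSubject) {
        if (touchstoneUser != null) {                  // Touchstone takes precedence over the certificate
            String prior = savedPrincipal.get(sessionId);
            if (prior == null) {                       // no prior request: create, save on completion
                savedPrincipal.put(sessionId, touchstoneUser);
                return Outcome.NEW_SAVED_AFTER_REQUEST;
            }
            if (prior.equals(touchstoneUser)) {        // same principal: reuse and update
                return Outcome.EXISTING_REUSED_AND_UPDATED;
            }
            // Different principal: the saved context is ignored (assumed here to be left
            // untouched) and the request gets a fresh context that is never saved.
            return Outcome.NEW_DESTROYED_AFTER_REQUEST;
        }
        if (certSubject != null) {                     // certificate only: per-request context
            return Outcome.NEW_DESTROYED_AFTER_REQUEST;
        }
        throw new IllegalArgumentException("no credential: case not covered by the list above");
    }

    public static void main(String[] args) {
        SecurityContextDecisionDemo demo = new SecurityContextDecisionDemo();
        // Constructed sample requests: {session id, Touchstone remote user, certificate subject}
        String[][] requests = {
            {"s1", "alice", null},      // first Touchstone request in the session
            {"s1", "alice", null},      // same user again
            {"s1", "bob", null},        // different remote user on the same session
            {"s1", "alice", "CN=app"},  // both credentials present
            {"s2", null, "CN=app"},     // certificate only
        };
        for (String[] r : requests) {
            System.out.printf("session=%s touchstone=%s cert=%s -> %s%n",
                    r[0], r[1], r[2], demo.handle(r[0], r[1], r[2]));
        }
    }
}
```

The third request is the case to test when deploying the filters: a context saved for one principal must never be served to a request whose Touchstone remote user differs.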