Things that you should be aware of when using the ssoX509SecurityContextPersistenceFilter and the ssoX509AuthenticationProcessingFilter.
- These filters are designed to work with either Touchstone authentication or X509 Application Certificate authentication.
- Touchstone authentication always takes precedence over X509 Application Certificate authentication.
- For each HTTP request based on X509 Application Certificate authentication, a new Spring Security context is created when the request is received and destroyed when the request is completed.
- For each HTTP request based on Touchstone authentication:
  - A check is made to see if there is an existing security context for the request.
  - If there is no existing security context, then a new security context is created and will be saved when the request has been completed.
  - If there is an existing security context, then the existing security context is retrieved and a check is made to verify that the security context principal is identical to the Touchstone remote user.
    - If the security context principal is different from the Touchstone remote user, then the existing security context is ignored, and a new security context is created that will be destroyed when the request has been completed.
    - If the security context principal is identical to the Touchstone remote user, then the existing security context is used and will be saved when the request has been completed.
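
The rules above written out as a plain-Java decision function (Java 16+ for the record type). This is an added example, not the filters' own code: the class, method and parameter names are hypothetical, and rejecting a request that carries neither credential is an assumption the page does not cover.

```java
// Added illustration: models the per-request decision only, with no Spring dependency.
public class SsoContextDecision {

    enum AuthSource { TOUCHSTONE, X509_APPLICATION_CERTIFICATE }

    /** Outcome for one request. */
    record Decision(AuthSource source, String principal,
                    boolean reusedExistingContext, boolean savedOnCompletion) {}

    /**
     * @param touchstoneRemoteUser Touchstone remote user, or null if the request has none
     * @param certificateSubject   application certificate subject, or null if none was presented
     * @param storedPrincipal      principal of the existing security context, or null if there is none
     */
    static Decision decide(String touchstoneRemoteUser, String certificateSubject,
                           String storedPrincipal) {
        if (touchstoneRemoteUser != null) {
            // Touchstone takes precedence, even when a certificate is also present.
            if (storedPrincipal == null) {
                // No existing context: create one and save it at the end of the request.
                return new Decision(AuthSource.TOUCHSTONE, touchstoneRemoteUser, false, true);
            }
            if (storedPrincipal.equals(touchstoneRemoteUser)) {
                // Same principal: use the existing context and save it again.
                return new Decision(AuthSource.TOUCHSTONE, touchstoneRemoteUser, true, true);
            }
            // Different principal: ignore the existing context; the new one is destroyed
            // at the end of the request rather than saved.
            return new Decision(AuthSource.TOUCHSTONE, touchstoneRemoteUser, false, false);
        }
        if (certificateSubject != null) {
            // Certificate requests always get a fresh context that is destroyed on completion.
            return new Decision(AuthSource.X509_APPLICATION_CERTIFICATE, certificateSubject,
                                false, false);
        }
        // Assumption: the page does not describe a request with neither credential.
        throw new IllegalStateException("no Touchstone remote user and no application certificate");
    }

    public static void main(String[] args) {
        // Constructed sample inputs covering each branch described in the list.
        System.out.println(decide("alice", null, null));        // new context, saved
        System.out.println(decide("alice", null, "alice"));     // existing context reused, saved
        System.out.println(decide("alice", null, "bob"));       // mismatch: new context, not saved
        System.out.println(decide("alice", "CN=app", "alice")); // Touchstone wins over certificate
        System.out.println(decide(null, "CN=app", "alice"));    // certificate: fresh, not saved
    }
}
```

The mismatch branch is the one to cover in tests: a context left over for one principal must never be applied to a request whose Touchstone remote user is someone else.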