Double LDAP Authentication Requests Using Weblogic 7

We have a situation where we seeing some double requests for authentication from WebLogic. Once upon application login and (sometimes) later when a link back to the web application is selected by the user.

Here is the scenario: We are on WebLogic 7 SP5 and plan to migrate to WebLogic 8 in the next few months and use IE6 as the only browser. The web application uses basic security using a specific LDAP group which forces the user to log in and be authenticated prior to getting to the web application.

The web application has a page which contains a javascript function that opens a modal window (uses window.showModalDialog) on another page. The modal page has a URL link (yes, having a anchor on a modal window is allowed - bizarre, but allowed (e.g., something like

<a href="/displayFile.do?id=9444808" target="_blank">abc </a>

When the user selects the link for the first time, the there are two different behaviors depending upon the setup:

- if the user has no other browser windows open, the link opens a new window on top of the modal window (odd, but true) without any problems.

- if the user had a browser window open previously, then the user is given another login prompt when they select the link on the modal page (e.g., the user initially has a browser open on cnn.com and then opens another browser from the start menu, connects to the web application logs-in, navigates to the first page, opens up the modal window and selects the link on the modal window - the user is give a second authentication prompt)

if we change the 'window.showModalDialog' to 'window.open', we get none of this re-authentication behavior.

We would rather not have the second WebLogic authentication and still maintain our modal windows. Does anyone have any ideas about why this behavior might be occurring? Any ideas on how to solve this and continue using modal windows?

Thank you,

James

Originally posted by James Falek:

We would rather not have the second WebLogic authentication and still maintain our modal windows. Does anyone have any ideas about why this behavior might be occurring? Any ideas on how to solve this and continue using modal windows?

This is a problem with instances of the browser ralated to java httpsessions, as far as the user already have an open window from the browser and then opens a fresh new one(without using ctrl+n) the server starts a new session for that window,(try printing the session id to check it) so the autentication does not have value for the window opened in a diferent session. To solve this the only option is targeting the window you are oppening to use the same browser instance that have the session already autenticated for the browser and not to use the other one.

Originally posted by Marcos Maia:


This is a problem with instances of the browser ralated to java httpsessions, as far as the user already have an open window from the browser and then opens a fresh new one(without using ctrl+n) the server starts a new session for that window,(try printing the session id to check it) so the autentication does not have value for the window opened in a diferent session. To solve this the only option is targeting the window you are oppening to use the same browser instance that have the session already autenticated for the browser and not to use the other one.

Thank you very much for the feedback . There are still two issues that I don't fully understand and any help on them would be wonderful.

why the behavior depending upon how the initial window open (window.open vs. window.showModalDialog). When I start with window.open, the link back to to the application works fine. When I start with window.showModalDialog, I get the second LDAP authorization request.

why after the second login request, there are no subsequent ones - regardless of if I close the modal window and then restart it.

Thank you again and if you have any more ideas, I sure appreciate your insight.

James
[ July 20, 2004: Message edited by: James Falek ]