Tomcat Single Sign On (SSO)

I have been reading about Tomcat's SSO and have questions on the following scenario:
There are three web applications A, B and C. Each web application has its own administrators, managers, registered users etc and are independent of each other, i.e.
User1 can be an administrator in A, but only a registered user in B and C.

But, according to the documentation
"Once authenticated, the roles associated with this user will be utilized for access control decisions across all  of the associated web applications..."

If User1 gets logged in, will he be
Case1: administrator in all web applications
Case2: administrator in A and regular users in B and C (as intended)? Any explanations are appreciated.

If it is Case2 and as I have roles for a user in LDAP, how does it get translated to the web application, i.e. how does tomcat tell web application A that User 1 is administrator and B and C that he is a regular user?
Who is Participating?
Gibu GeorgeConnect With a Mentor Chief Technology OfficerCommented:
I think it is Case1 as the documentation says all the applications should use the same Realm.
Purdue_PeteAuthor Commented:
gibu_george - Yes - that's what I think so too

experts - Any experts who have tried  Tomcat's SSO and can confirm gibu_george's answer???
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.