Apache Tomcat SSO and Session Management with Valkey or Redis

Published on
October 9, 2025

In both custom enterprise applications and commercial software, users prefer a single sign-on (SSO) experience. With SSO, users can authenticate once per session and then enjoy access to all the resources for which they are authorized. However, for the enterprise developer working across multiple instances and nodes, maintaining a seamless SSO experience can become especially challenging.

For Java developers who deploy their apps on Apache Tomcat, Redisson provides a simple yet powerful solution that utilizes Tomcat’s robust SSO capabilities, backed by the high-efficiency data stores Valkey or Redis.

Here are the steps to configure Tomcat to use Valkey or Redis for session management and to enable SSO with Redisson. Following these directions, Java developers can achieve SSO across application tiers for improved scalability and fault tolerance.

Configuring Tomcat for Valkey and Redis Session Management

The first step is to set up Tomcat to store user sessions in an external Valkey or Redis instance. This involves adding the Redisson library to your Tomcat installation and configuring the session manager.

First, you will need to add the redisson-all.jar and the appropriate redisson-tomcat-[-version].jar to the TOMCAT_HOME/lib directory.

Next, you'll need to tell Tomcat to use Redisson's session manager. This is done by adding an element to your application's context.xml file or the global CATALINA_BASE/conf/context.xml: 

<Manager className="org.redisson.tomcat.RedissonSessionManager"
         configPath="${catalina.base}/redisson.yaml"
         readMode="REDIS" updateMode="DEFAULT"/>

Here’s what everything means in this XML snippet:

className: This specifies the Redisson session manager class.

configPath: This points to the Redisson configuration file, which we'll create next.

readMode: This can be REDIS (sessions stored only in Redis/Valkey) or MEMORY (sessions stored in both Redis/Valkey and local Tomcat memory).

updateMode: Determines when session attributes are written to Redis. DEFAULT writes on setAttribute, and AFTER_REQUEST writes at the end of the request.

Now, create a redisson.yaml file in the CATALINA_BASE/conf directory. This file contains the connection details for your Valkey or Redis server. For a single server instance, the configuration is easy with a bit of straightforward YAML:

singleServerConfig:
   address: "redis://127.0.0.1:6379"

Enabling Single Sign-On With Redisson

Now that you have configured Tomcat’s session management, the next step is to enable SSO. This is also very simple, as Redisson provides a Tomcat Valve that intercepts requests and establishes a single sign-on session.

Just add this Valve declaration to the element in your CATALINA_BASE/conf/server.xml file:

<Valve className="org.redisson.tomcat.RedissonSingleSignOn" />

And that’s all there is to it. With this configuration, a user who authenticates to one web application on your Tomcat server will be automatically logged into all other applications on the same host that are configured to use Redisson's session manager. The centralized session store eliminates the need for sticky sessions at the load balancer. Developers thus enjoy more efficient request distribution and improved application resilience.

Simplified Development With Redisson PRO 

This session management and distributed SSO implementation is just one of the many ways Redisson PRO makes it easy to build scalable distributed applications in Java, backed by the speed of Valkey or Redis.