General J2EE: Windows Integrated Authentication and Tomcat
- Posted by: Tiago G
- Posted on: July 21 2005 06:59 EDT
I'm using Tomcat 5.5 (with Apache web server) and need to provide Windows Integrated Authentication against AD (win2k domain).
My question is: What's the best (easiest) way to do so ?
1. Trying to configure SNEGO for apache web server. What's the best SNEGO implementation/module?
2. Using IIS as web server. In this case, how is the user information passed from IIS to Tomcat?
Thanks in advance.
- Windows Integrated Authentication and Tomcat by Pine Tree on July 21 2005 07:14 EDT
- Windows Integrated Authentication and Tomcat by Biswa Das on July 21 2005 14:31 EDT
How about authenticate using LDAP?
GSS-API provides a way to connect to AD but doesn't solve the problem of Integrated Windows Authentication. The client browser has to send the user information to the web server in a secure way.
The bottom line is request.getRemoteUser will return null if the tomcat has not authenticated. You may have to rebuild tomcat server for your custom authentication or use a request wrapper but in request wrapping you have to use some cookie to find out who was the user authenticated in windows or apache.
The below link explains the required configuration to make Tomcat work for Windows Integrated Authentication. http://webmoli.com/2009/08/29/single-sign-on-in-java-platform/
Here's an open source library, http://spnego.sourceforge.net, that does exactly what you want. Take a look at the installation instructions for Tomcat.