Hi,

I'm using Tomcat 5.5 (with Apache web server) and need to provide Windows Integrated Authentication against AD (win2k domain).

My question is: What's the best (easiest) way to do so ?

1. Trying to configure SNEGO for apache web server. What's the best SNEGO implementation/module?

2. Using IIS as web server. In this case, how is the user information passed from IIS to Tomcat?

Thanks in advance.

Greetz,
TGV

Hi,

How about authenticate using LDAP?

http://java.sun.com/products/jndi/tutorial/ldap/security/gssapi.html

http://today.java.net/pub/a/today/2005/05/31/tomcatldap.html

HTH

Hi,

GSS-API provides a way to connect to AD but doesn't solve the problem of Integrated Windows Authentication. The client browser has to send the user information to the web server in a secure way.

Cheers,
TGV

The bottom line is request.getRemoteUser will return null if the tomcat has not authenticated. You may have to rebuild tomcat server for your custom authentication or use a request wrapper but in request wrapping you have to use some cookie to find out who was the user authenticated in windows or apache.

The below link explains the required configuration to make Tomcat work for Windows Integrated Authentication. http://webmoli.com/2009/08/29/single-sign-on-in-java-platform/

Here's an open source library, http://spnego.sourceforge.net, that does exactly what you want. Take a look at the installation instructions for Tomcat.