You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Brian Bonner <bk...@gmail.com> on 2005/11/04 15:45:27 UTC

[users@httpd] 408 Error with Apache HTTPD and Tomcat

I'm hoping someone on this list can help me.  I posted on the
tomcat-users list w/ no results.  Here's the post: 
http://www.nabble.com/408-error-with-Form-Authentication-and-Proxy.-Doesn%27t-occur-with-Basic-Auth.-t474352.html#a1291455


I've seen several posts on the Tomcat list that describe a 408 error
in tomcat.  I'm
using Apache 2.0.55 as a proxy to Tomcat 5.0.30.  Using Form based
authentication in Tomcat, I access a secured URL and I'm challenged with a login
form.  I submit a valid userid/password and receive the following
error.

"HTTP Status 408 - The time allowed for the login process has been
exceeded. If you wish to
continue you must either click back twice and re-click the link you
requested or close and re-open your browser".

I can access the same secured resource using the tomcat hostname on
port 8082 or 8080, I'm presented with the same form and provide the
same userid and password, but instead I can access the resource
without any problem.

If I switch to Basic Authentication in web.xml, and I repeat both
tests, I'm presented with the basic auth dialog and both tests are
successful, I'm presented with the secured resource.

There is *negligible* clock time lag between
when the form is presented and the userid and password are entered.
Still not sure why this error is popping up.  It sounds like this also
occurs in 5.5.9 and other configurations.

Does anyone know of a configuration setting or problem that exists
with form authentication when the resource is proxied by a web server
(i.e. httpd).?  I'd like to use form based authentication, but I can't
until I solve this problem.

Thanks.

Brian

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org