Posted to users@tomcat.apache.org by Christopher Buffington <bu...@gmail.com> on 2006/11/29 19:54:55 UTC

Form Based Authentication : connection and bind to directory problems

I'm trying to use form based authentication with JNDIRealm to validate users
in an Active Directory Application Mode (ADAM) directory. I have a small
test app working; however, I must enable anonymous binds in ADAM or provide
the username and password in the realm element. Obviously both of these
options are not ideally secure.


What I want is to have Tomcat connect and bind to the directory with the
username and password supplied in the login form. The Realms and AAA section
of the docs say this: "If these properties (connectionName and
connectionPassword) are not specified the connection is anonymous. This is
sufficient in many cases." What I run into is that when Tomcat tries the
initial connection it fails. I then cannot connect and bind with the user
name and password supplied by the form. Does anyone know of a way to force
Tomcat to attempt the connection and bind after the failed connection
attempt?


Thank you

Chris

Re: Form Based Authentication : connection and bind to directory problems

Posted by Martin Gainty <mg...@hotmail.com>.
Good Afternoon
Yes, sooner or later you will need to test your authentication algorithm with a valid username/password combination.
If you're in a healthcare app such as ADAM, your authentication algo will need to support HIPAA law.
In any case please keep me apprised on your progress,
Thanks
Martin --
----- Original Message ----- 
From: "Christopher Buffington" <bu...@gmail.com>
To: "Tomcat Users List" <us...@tomcat.apache.org>; "Martin Gainty" <mg...@hotmail.com>
Sent: Monday, December 04, 2006 5:40 PM
Subject: Re: Form Based Authentication : connection and bind to directory problems


> Thanks for the info. I have actually gotten this far. In the examples
> connectionName and connectionPassword are used and I'm trying not to put
> those values in my Realm configuration. I am able to do it by turning on
> anonymous logins in ADAM but I know this will not be allowed for a final
> solution.
> 
> Thanks
> 
> 
> 
> On 11/29/06, Martin Gainty <mg...@hotmail.com> wrote:
>>
>> Would have to see your server.xml configuration for <Realm
>> Here is an example of a successful AD entry specified in Realm
>> be mindful that referrals="follows" must be specified "follows" to use
>> Microsoft AD
>> Declarative example follows here
>>
>> http://mail-archives.apache.org/mod_mbox/tomcat-users/200311.mbox/%3C819E8DE0BA5B76408A9D7C9AC5866FC38338@web00.computing-oasis.com%3E
>> Here is the javadoc for JNDIRealm (for programmatic implementation)
>> ----- Original Message -----
>> From: "Christopher Buffington" <bu...@gmail.com>
>> To: <us...@tomcat.apache.org>
>> Sent: Wednesday, November 29, 2006 1:54 PM
>> Subject: Form Based Authentication : connection and bind to directory
>> problems
>>
>>
>> > I'm trying to use form based authentication with JNDIRealm to validate
>> users
>> > in an Active Directory Application Mode (ADAM) directory. I have a small
>> > test app working; however, I must enable anonymous binds in ADAM or
>> provide
>> > the username and password in the realm element. Obviously both of these
>> > options are not ideally secure.
>> >
>> >
>> > What I want is to have the Tomcat connect and bind to the directory with
>> the
>> > username and password supplied in the login form. The Realms and AAA
>> section
>> > of the docs say this: "If these properties (connectionName and
>> > connectionPassword) are not specified the connection is anonymous. This
>> is
>> > sufficient in many cases." What I run in to is that when Tomcat tries
>> the
>> > initial connection it fails. I then cannot connect and bind with the
>> user
>> > name and password supplied by the form. Does anyone know of a way to
>> force
>> > Tomcat to attempt the connection and bind after the failed connection
>> > attempt?
>> >
>> >
>> > Thank you
>> >
>> > Chris
>> >
>

Re: Form Based Authentication : connection and bind to directory problems

Posted by Christopher Buffington <bu...@gmail.com>.
Thanks for the info. I have actually gotten this far. In the examples
connectionName and connectionPassword are used and I'm trying not to put
those values in my Realm configuration. I am able to do it by turning on
anonymous logins in ADAM but I know this will not be allowed for a final
solution.

Thanks



On 11/29/06, Martin Gainty <mg...@hotmail.com> wrote:
>
> Would have to see your server.xml configuration for <Realm
> Here is an example of a successful AD entry specified in Realm
> be mindful that referrals="follows" must be specified "follows" to use
> Microsoft AD
> Declarative example follows here
>
> http://mail-archives.apache.org/mod_mbox/tomcat-users/200311.mbox/%3C819E8DE0BA5B76408A9D7C9AC5866FC38338@web00.computing-oasis.com%3E
> Here is the javadoc for JNDIRealm (for programmatic implementation)
> ----- Original Message -----
> From: "Christopher Buffington" <bu...@gmail.com>
> To: <us...@tomcat.apache.org>
> Sent: Wednesday, November 29, 2006 1:54 PM
> Subject: Form Based Authentication : connection and bind to directory
> problems
>
>
> > I'm trying to use form based authentication with JNDIRealm to validate
> users
> > in an Active Directory Application Mode (ADAM) directory. I have a small
> > test app working; however, I must enable anonymous binds in ADAM or
> provide
> > the username and password in the realm element. Obviously both of these
> > options are not ideally secure.
> >
> >
> > What I want is to have the Tomcat connect and bind to the directory with
> the
> > username and password supplied in the login form. The Realms and AAA
> section
> > of the docs say this: "If these properties (connectionName and
> > connectionPassword) are not specified the connection is anonymous. This
> is
> > sufficient in many cases." What I run in to is that when Tomcat tries
> the
> > initial connection it fails. I then cannot connect and bind with the
> user
> > name and password supplied by the form. Does anyone know of a way to
> force
> > Tomcat to attempt the connection and bind after the failed connection
> > attempt?
> >
> >
> > Thank you
> >
> > Chris
> >

Re: Form Based Authentication : connection and bind to directory problems

Posted by Martin Gainty <mg...@hotmail.com>.
Would have to see your server.xml configuration for <Realm
Here is an example of a successful AD entry specified in Realm
be mindful that referrals="follows" must be specified "follows" to use Microsoft AD
Declarative example follows here
http://mail-archives.apache.org/mod_mbox/tomcat-users/200311.mbox/%3C819E8DE0BA5B76408A9D7C9AC5866FC38338@web00.computing-oasis.com%3E
Here is the javadoc for JNDIRealm (for programmatic implementation)
----- Original Message ----- 
From: "Christopher Buffington" <bu...@gmail.com>
To: <us...@tomcat.apache.org>
Sent: Wednesday, November 29, 2006 1:54 PM
Subject: Form Based Authentication : connection and bind to directory problems


> I'm trying to use form based authentication with JNDIRealm to validate users
> in an Active Directory Application Mode (ADAM) directory. I have a small
> test app working; however, I must enable anonymous binds in ADAM or provide
> the username and password in the realm element. Obviously both of these
> options are not ideally secure.
> 
> 
> What I want is to have the Tomcat connect and bind to the directory with the
> username and password supplied in the login form. The Realms and AAA section
> of the docs say this: "If these properties (connectionName and
> connectionPassword) are not specified the connection is anonymous. This is
> sufficient in many cases." What I run in to is that when Tomcat tries the
> initial connection it fails. I then cannot connect and bind with the user
> name and password supplied by the form. Does anyone know of a way to force
> Tomcat to attempt the connection and bind after the failed connection
> attempt?
> 
> 
> Thank you
> 
> Chris
>

Re: Form Based Authentication : connection and bind to directory problems

Posted by Tim Funk <fu...@joedog.org>.
IIRC there is no way to do that. As an alternative, you can hack 
JNDIRealm to have it do what you wish.

-Tim

Christopher Buffington wrote:
> I'm trying to use form based authentication with JNDIRealm to validate 
> users
> in an Active Directory Application Mode (ADAM) directory. I have a small
> test app working; however, I must enable anonymous binds in ADAM or provide
> the username and password in the realm element. Obviously both of these
> options are not ideally secure.
> 
> 
> What I want is to have the Tomcat connect and bind to the directory with 
> the
> username and password supplied in the login form. The Realms and AAA 
> section
> of the docs say this: "If these properties (connectionName and
> connectionPassword) are not specified the connection is anonymous. This is
> sufficient in many cases." What I run in to is that when Tomcat tries the
> initial connection it fails. I then cannot connect and bind with the user
> name and password supplied by the form. Does anyone know of a way to force
> Tomcat to attempt the connection and bind after the failed connection
> attempt?
> 
> 
> Thank you
> 
> Chris
> 
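
What binding with the login form's own credentials looks like at the JNDI level, as an added example that is not part of this thread and is not Tomcat's JNDIRealm code. The class name, the directory URL and the DN pattern are hypothetical placeholders; the `{0}` placeholder follows the convention of JNDIRealm's `userPattern` attribute.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

// Hypothetical helper: authenticates by binding as the user, so neither a
// service account (connectionName/connectionPassword) nor an anonymous bind is used.
public class UserBindAuthenticator {
    private final String url;          // placeholder, e.g. "ldaps://adam.example.test:636"
    private final String userPattern;  // placeholder, e.g. "cn={0},ou=people,dc=example,dc=test"

    public UserBindAuthenticator(String url, String userPattern) {
        this.url = url;
        this.userPattern = userPattern;
    }

    // Builds the bind DN. Rdn.escapeValue keeps DN metacharacters in the
    // username (',', '+', '=', ...) from changing the structure of the DN.
    String bindDn(String username) {
        return userPattern.replace("{0}", Rdn.escapeValue(username));
    }

    public boolean authenticate(String username, String password) throws NamingException {
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513) that a server may accept without checking any credential,
        // so reject it here before contacting the directory.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // use ldaps:// so the password is not sent in clear text
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn(username));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            DirContext ctx = new InitialDirContext(env); // connect and bind as the user
            ctx.close();
            return true;
        } catch (AuthenticationException e) {
            return false; // bad DN or password; other NamingExceptions propagate to the caller
        }
    }
}
```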

