You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jacob Kjome <ho...@visi.com> on 2003/03/24 15:30:18 UTC
Re: Windows 2000 Authentication Integration
You should be able to get it via request.getRemoteUser(). However, note
that when using the JK connectors, you will have to tell Tomcat whether it
should get the remote user from the JK environment or from within
Tomcat. When using Tomcat with Apache, that is done via adding the
following to the jk2.properties file...
request.tomcatAuthentication=false
I believe this will also work for the IIS connector.
See this resolved bug for
details...http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12196
Jake
At 02:50 PM 3/24/2003 -0800, you wrote:
>Hi,
>
>I have searched the archives and have not managed to find a decent answer
>for this.
>The users of an intranet are already logged into the windows domain.
>I need to retrieve the currently logged in user name from my java web
>application.
>
>1) I am integrating IIS and tomcat using the isapi redirector.
>2) using IIS 5.0 and Windows 2000 Server
>3) I have set the IIS security to NT Authentication.
>
>
>The response variable that gets set is
>
>"authenticate"
>
>with a value of
>
>TlRMTVNTUAADAAAAGAAYAFgAAAAYABgAcAAAAAgACABAAAAACAAIAEgAAAAIAAgAUAAAAAAAAACI
>AAAABYKAoFMATwBMAE8ASABhAG4AcwBTAE8ATABPAOgkx0G8QbgJhRZRc0xo40R8cUWsA6X0SQ9M
>cj7FIOa2dRLjARCYlxSI3eGrqD12jW
>
>I assume this is some kind of base 64 encoded token which i need to use to
>get the user details from the windows 2000 active directory???
>
>Has anyone got any idea how I retrieve the logged in username.
>
>Thanks
>
>Hans
>
>
>
>
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Windows 2000 Authentication Integration
Posted by Hans Liebenberg <ha...@cambrient.com>.
Hi ,
Thanks for the help.
Correct if i am wrong ,but getRemoteUser() simply returns the REMOTE_USER
cgi header. In windows 2000 which uses kerberos authentication that value is
set to null when IIS is set to use NT authentication?
I was under the impression that I would need to somehow decode the token
Negotiate
TlRMTVNTUAADAAAAGAAYAFgAAAAYABgAcAAAAAgACABAAAAACAAIAEgAAAAIAAgAUAAAAAAAAACI
AAAABYKAoFMATwBMAE8ASABhAG4AcwBTAE8ATABPAJ2pRGfJ0YtxkZH3SSUlrorf0IhAO24Dnzc7
ioGGMJ8o7bSHEZ9M28GKpQosqYHjnA
And then access the active directory...??
Thanks
-----Original Message-----
From: Jacob Kjome [mailto:hoju@visi.com]
Sent: 24 March 2003 06:30
To: Tomcat Users List
Subject: Re: Windows 2000 Authentication Integration
You should be able to get it via request.getRemoteUser(). However, note
that when using the JK connectors, you will have to tell Tomcat whether it
should get the remote user from the JK environment or from within
Tomcat. When using Tomcat with Apache, that is done via adding the
following to the jk2.properties file...
request.tomcatAuthentication=false
I believe this will also work for the IIS connector.
See this resolved bug for
details...http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12196
Jake
At 02:50 PM 3/24/2003 -0800, you wrote:
>Hi,
>
>I have searched the archives and have not managed to find a decent answer
>for this.
>The users of an intranet are already logged into the windows domain.
>I need to retrieve the currently logged in user name from my java web
>application.
>
>1) I am integrating IIS and tomcat using the isapi redirector.
>2) using IIS 5.0 and Windows 2000 Server
>3) I have set the IIS security to NT Authentication.
>
>
>The response variable that gets set is
>
>"authenticate"
>
>with a value of
>
>TlRMTVNTUAADAAAAGAAYAFgAAAAYABgAcAAAAAgACABAAAAACAAIAEgAAAAIAAgAUAAAAAAAAAC
I
>AAAABYKAoFMATwBMAE8ASABhAG4AcwBTAE8ATABPAOgkx0G8QbgJhRZRc0xo40R8cUWsA6X0SQ9
M
>cj7FIOa2dRLjARCYlxSI3eGrqD12jW
>
>I assume this is some kind of base 64 encoded token which i need to use to
>get the user details from the windows 2000 active directory???
>
>Has anyone got any idea how I retrieve the logged in username.
>
>Thanks
>
>Hans
>
>
>
>
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org