You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Thompson, Neil" <Ne...@shepway.gov.uk> on 2006/03/28 14:07:26 UTC

[users@httpd] Subject: Single sign-on with multiple Tomcats served via one Apache httpd server

Hi there!

Configuration:
a. Apache httpd 2.0 server (IP0, port 80) with some content served from /cms
b. Worker to a Tomcat 4.1 running on a separate box (IP1:8080) mapped to /app1
c. Anpother worker to another Tomcat 5.5 running on separate box (IP2:8080) mapped to /app2

Both Tomcats are using the same configuration for security realm (pointing to the same DataSource parameters of course):

      <Realm className=" org.apache.catalina.realm.DataSourceRealm"
          dataSourceName="jdbc/default"
          debug="99"
          userTable="corporate.dbo.t_userlogin"
          userNameCol="c_username" 
          userCredCol="c_password"
          userRoleTable="corporate.dbo.t_userpermission"
          roleNameCol="c_rolename"
          digest="md5"/>

and have their Single Sign-on valve turned on: 

        <Valve className="org.apache.catalina.authenticator.SingleSignOn" debug="0"/>

However, if you're required to authenticate to access say, /app1/aSecure.jsp, you will be asked to authenticate again to access say, /app2/anotherSecure.jsp, though from the user point of view, this is the same username/password on the same URL. 

Is there a way to carry over the single sign-on from each Tomcat to the Apache server, so that /app2/anotherSecure.jsp can trust the authentication done while visiting /app1/aSecure.jsp, or should this be done in a completely different way? 

We have to keep those two separate Tomcats (distinct hardware, different versions, performance issues).

Thanks for your help!




Neil Thompson
Analyst/Programmer
Systems Development
ICT Services 
Shepway District Council, Folkestone, Kent.
Direct Tel:  01303 853340
Direct Fax: 01303 245978
E-Mail: neil.thompson@shepway.gov.uk  <ma...@shepway.gov.uk> 
Website: www.shepway.gov.uk <http://www.shepway.gov.uk/> 

     
  _____  

The contents and any attachments of this e-mail message are confidential and intended only for the named addressees. 
If you have received it in error, please advise the sender immediately by return email and then delete it from your system.
Any unauthorised distribution, or copying of this transmission, or mis-use or wrongful disclosure of information contained in it, is strictly prohibited.
Shepway District Council cannot accept liability for any statements made which are clearly the sender's own and not expressly made on behalf of the council." 
  _____  

---------------------------------------------------------
Scanning of this message and addition of this footer has 
been performed by Shepway District Council with email
filtering and virus detection software.
---------------------------------------------------------