Posted to users@tomcat.apache.org by Scott Shaver <Sc...@mcdata.com> on 2006/08/22 22:06:00 UTC

IIS 5.0 - Jboss with Tomcat 5.5 - JK 1.2.15 - NTLM

Okay I have Jboss set up on my machine with a simple one page web app
that has an Active Directory security realm set up.  I have another
machine running IIS 5 with the isapi_redirect.dll installed as an ISAPI
filter to redirect the requests to Tomcat on my machine.  I can access
the web app via IIS, get prompted for a user name and password, the app
server validates me in the AD domain controller and sends me the page, as
long as

1> the auth-method in the web.xml is BASIC
2> the IIS web server has Anonymous Access turned on
3> Integrated Windows Security Authentication turned off

To see what the configuration steps are for this go to:
http://www.scottshaver2000.com/forum/viewtopic.php?p=601#601

I now want to do the same thing but not have the user get prompted to
login by having the app server use the NTLM headers that IE sends with
the requests.  So I thought I could do this:

1> turn Integrated Windows Authentication on for the IIS web site.
2> set the auth-method to CLIENT-CERT in the web.xml
3> set tomcatAuthentication="false" in the tomcat server.xml file

However, this doesn't work. Does anyone have a clue what I should do
next?

Scott A. Shaver


SPECIAL NOTICE

All information transmitted hereby is intended only for the use of the
addressee(s) named above and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution
of confidential and privileged information is prohibited. If the reader
of this message is not the intended recipient(s) or the employee or agent
responsible for delivering the message to the intended recipient, you are
hereby notified that you must not read this transmission and that disclosure,
copying, printing, distribution or use of any of the information contained
in or attached to this transmission is STRICTLY PROHIBITED.

Anyone who receives confidential and privileged information in error should
notify us immediately by telephone and mail the original message to us at
the above address and destroy all copies.  To the extent any portion of this
communication contains public information, no such restrictions apply to that
information. (gate01)

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
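
Added example, not part of the original thread and not Tomcat or JBoss code: a servlet filter for checking which identity reaches the web app when IIS performs Integrated Windows Authentication and the AJP connector has tomcatAuthentication="false". The class name RemoteUserCheckFilter, the request attribute name and the DOMAIN\user form of the forwarded name are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical diagnostic filter; map it to /* in web.xml while testing.
public class RemoteUserCheckFilter implements Filter {
    private FilterConfig config;

    public void init(FilterConfig config) { this.config = config; }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // With tomcatAuthentication="false" the connector takes this value
        // from the front-end web server instead of authenticating itself.
        String remoteUser = request.getRemoteUser();

        // Replace control characters before logging so a forwarded name
        // cannot forge extra log lines.
        String safe = remoteUser == null ? "null"
                : remoteUser.replaceAll("\\p{Cntrl}", "?");
        config.getServletContext().log(
                "remoteUser=" + safe + " authType=" + request.getAuthType());

        // Fail closed: no forwarded identity means no access.
        if (remoteUser == null || remoteUser.length() == 0) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "No authenticated user forwarded by the front end");
            return;
        }
        // Attribute name is an assumption made for this example.
        request.setAttribute("example.accountName", accountName(remoteUser));
        chain.doFilter(req, res);
    }

    // Assumes the forwarded name may look like DOMAIN\\user; returns "user".
    static String accountName(String remoteUser) {
        int slash = remoteUser.lastIndexOf('\\');
        return slash >= 0 ? remoteUser.substring(slash + 1) : remoteUser;
    }
}
```

With tomcatAuthentication="false" Tomcat accepts whatever user name the AJP peer supplies, so the AJP port should accept connections only from the IIS host.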


RE: IIS 5.0 - Jboss with Tomcat 5.5 - JK 1.2.15 - NTLM

Posted by Scott Shaver <Sc...@mcdata.com>.
Well, I was using CLIENT-CERT because that is how it works in WebLogic.
But if you use BASIC the user gets prompted to login. I have a feeling
that this doesn't work in Jboss.  Basically what I need is a combination
of the jCIFS NTLM code and the
org.jboss.security.auth.spi.LdapExtLoginModule security realm class.

The NTLM code would get the user credentials from the NTLM headers and
then pass it to the login module to authenticate the user and load the
roles. This is a real bummer; I can't believe no one has wanted this
functionality before.

Thanks anyway.
Scott

> -----Original Message-----
> From: Pulkit Singhal [mailto:pulkitsinghal@gmail.com]
> Sent: Tuesday, August 22, 2006 4:37 PM
> To: Tomcat Users List
> Subject: Re: IIS 5.0 - Jboss with Tomcat 5.5 - JK 1.2.15 - NTLM
>
> Hi Scott,
>
> I'm not exactly an expert on this but I'm quite sure that if
> you strictly want to use NTLM...you do not need to do this:
> >> 2> set the auth-method to CLIENT-CERT in the web.xml
> unless of course you are doing it because you want a secure
> channel between your IIS server and the tomcat instance which
> is (I think) a whole different game.
>
> Cheers,
> - Pulkit


Re: IIS 5.0 - Jboss with Tomcat 5.5 - JK 1.2.15 - NTLM

Posted by Pulkit Singhal <pu...@gmail.com>.
Hi Scott,

I'm not exactly an expert on this but I'm quite sure that if you strictly
want to use NTLM...you do not need to do this:
>> 2> set the auth-method to CLIENT-CERT in the web.xml
unless of course you are doing it because you want a secure channel between
your IIS server and the tomcat instance which is (I think) a whole different
game.

Cheers,
- Pulkit

On 8/22/06, Scott Shaver <Sc...@mcdata.com> wrote:
>
>
> Okay I have Jboss set up on my machine with a simple one page web app
> that has an Active Directory security realm set up.  I have another
> machine running IIS 5 with the isapi_redirect.dll installed as an ISAPI
> filter to redirect the requests to Tomcat on my machine.  I can access
> the web app via IIS, get prompted for a user name and password, the app
> server validates me in the AD domain controller and sends me the page, as
> long as
>
> 1> the auth-method in the web.xml is BASIC
> 2> the IIS web server has Anonymous Access turned on
> 3> Integrated Windows Security Authentication turned off
>
> To see what the configuration steps are for this go to:
> http://www.scottshaver2000.com/forum/viewtopic.php?p=601#601
>
> I now want to do the same thing but not have the user get prompted to
> login by having the app server use the NTLM headers that IE sends with
> the requests.  So I thought I could do this:
>
> 1> turn Integrated Windows Authentication on for the IIS web site.
> 2> set the auth-method to CLIENT-CERT in the web.xml
> 3> set tomcatAuthentication="false" in the tomcat server.xml file
>
> However, this doesn't work. Does anyone have a clue what I should do
> next?
>
> Scott A. Shaver
>