Posted to users@tomcat.apache.org by danox <da...@cucurucho.org> on 2003/05/16 03:11:59 UTC
Authentication Practices
OK this is not a pure tomcat question, but hopefully it will be known by
someone here.
I am working on moving a current application written for the Domino
platform to a Tomcat platform. For various reasons, we have decided to
do this piece by piece. Thus we will have a Domino instance running on
one server and a Tomcat instance running on another server.
The issue that I have is with authentication. I have been able to make
Tomcat authenticate from the same source as Domino; however, when a
person jumps from the Domino server to the Tomcat server, or vice versa,
they must authenticate twice.
I need to find a way to make the browser send the same authentication
details to both servers. I have been reading up on HTTP authentication,
and I believe that this is possible to do with digest authentication (as
opposed to basic), but my experiments with this have so far failed. Has
anyone had any experience setting up Tomcat to validate seamlessly with
another type of server using digest authentication, or some other method?
Thanks in advance.
Danox
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Authentication Practices
Posted by Gary Gwin <to...@cafesoft.com>.
Danox,
BASIC and DIGEST authentication are similar, the difference being that
DIGEST requires the client to hash a password before sending it. BASIC
does everything in cleartext. BASIC and DIGEST authenticate against an
"origin server", and will not solve your multi-server single sign-on
problem.
http://www.ietf.org/rfc/rfc2617.txt
One solution would be to use a proxy. For example, you could configure
Apache on the Tomcat box with mod_jk, and use Apache security and the
Apache Proxy feature to pass requests to the Domino server. In this
configuration, you would lose access within Tomcat to the servlet
security APIs (e.g., request.isUserInRole() . . .).
Gary
--
Gary Gwin
http://www.cafesoft.com
*****************************************************************
* *
* The Cafesoft Access Management System, Cams, is security *
* software that provides single sign-on authentication and *
* centralized access control for Apache, Tomcat, and custom *
* resources. *
* *
*****************************************************************
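The two schemes named in the reply above, computed per RFC 2617, as an added example that is not part of the original message. The Aladdin and Mufasa values are the RFC's own samples; the second server's realm and nonce are constructed. It shows that a Basic header decodes straight back to the password and that a Digest response is bound to one server's realm and nonce.

```python
import base64
import hashlib


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    # Basic: "user:password" is Base64-encoded, not hashed or encrypted.
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header):
    # Anyone who sees the header recovers the credentials directly.
    _, token = header.split(" ", 1)
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def digest_response(user, password, realm, nonce, method, uri, nc, cnonce, qop="auth"):
    # RFC 2617 section 3.2.2, qop=auth with the MD5 algorithm.
    ha1 = md5_hex(f"{user}:{realm}:{password}")   # secret bound to the realm
    ha2 = md5_hex(f"{method}:{uri}")              # bound to the request
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# Sample exchange from RFC 2617 section 3.5.
RFC_SAMPLE = dict(
    user="Mufasa", password="Circle Of Life", realm="testrealm@host.com",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", method="GET",
    uri="/dir/index.html", nc="00000001", cnonce="0a4f113b",
)


def response_for_second_server():
    # Constructed values: a second origin server issues its own realm and nonce,
    # so the browser must compute a fresh response for it.
    params = dict(RFC_SAMPLE, realm="second-server-realm", nonce="constructed-nonce-0001")
    return digest_response(**params)


if __name__ == "__main__":
    header = basic_header("Aladdin", "open sesame")
    print(header, "->", decode_basic(header))
    print("server A:", digest_response(**RFC_SAMPLE))
    print("server B:", response_for_second_server())
```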
Re: Authentication Practices
Posted by pe...@kisstechnologies.co.uk.
You can pass authentication using the URL syntax if you want to use basic
authentication - e.g. link across to the other server with the URL
http://username:password@myhost/myapp/ - this would be one way to solve
it. Otherwise we have written custom authentication handlers which can
serialise a user's bean on the session and pass that id across to another
server for it to be deserialized. This is managed using filters instead
of the standard system.
Pete
Kiss Technologies
http://www.kisstechnologies.co.uk/
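A link of the form given in the message above carries the password in the page markup and in anything that records the URL. The following is an added example, not part of the original message, that finds such links in HTML or log text and redacts the password; the sample lines are constructed, using the URL from the message.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Candidate URLs: scheme up to the first whitespace, quote or angle bracket.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def find_credential_urls(text):
    """Return (username, redacted_url) for every URL that embeds a password."""
    hits = []
    for match in URL_RE.finditer(text):
        parts = urlsplit(match.group(0))
        # Only userinfo in the authority counts; an '@' in the path does not.
        if parts.password is None:
            continue
        try:
            port = parts.port
        except ValueError:      # malformed port: keep the host, drop the port
            port = None
        host = parts.hostname or ""
        if port is not None:
            host = f"{host}:{port}"
        netloc = f"{parts.username}:***@{host}"
        redacted = urlunsplit(
            (parts.scheme, netloc, parts.path, parts.query, parts.fragment)
        )
        hits.append((parts.username, redacted))
    return hits


# Constructed sample input: one page fragment and two access-log style lines.
SAMPLE = "\n".join([
    '<a href="http://username:password@myhost/myapp/">Tomcat application</a>',
    'GET /myapp/ HTTP/1.1 referer="http://myhost/profile/user@example"',
    'GET /report HTTP/1.1 referer="http://username:password@myhost:8080/myapp/?page=2"',
])

if __name__ == "__main__":
    for user, url in find_credential_urls(SAMPLE):
        print(f"embedded credentials for {user!r}: {url}")
```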