geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jia Mao <>
Subject Generic Header based authentication
Date Tue, 19 Oct 2010 03:10:29 GMT

I used the 2.1.7 server,geronimo-tomcat6-javaee5-2.1.7-SNAPSHOT-bin, built
on 2010.10.19 trying to verify the Generic Header based authentication as
described in Geronimo-5197 on the windows platform.

I installed the Apache Http Server and configured its httpd.conf file by
adding the following snippets:

LoadModule proxy_module modules/

LoadModule proxy_http_module modules/

<IfModule mod_proxy.c>

ProxyPass /console http://localhost:8080/console

ProxyPass /demo_properties http://localhost:8080/demo_properties


<IfModule mod_proxy.c>

ProxyPassReverse / http://localhost:8080/


<IfModule mod_headers.c>

<Location /demo_properties>

RequestHeader add SM_USER izumi



LoadModule headers_module modules/

The deployment plan, TestPropsRealm.xml, for the properties file security
realm is attached in the mail. In the realm, there are two additional tags:

<log:option name="headerNames">SM_USER</log:option>

<log:option name="authenticationAuthority">Siteminder</log:option>

which shall configure the security realm for properties login module to use
Generic Header based authentication.

The two properties files used are: &, attached in the mail.

The application for verification is file-realm-demo-, also
attached in the mail. If working correctly, to access the protect files from
the index page, users should be linked to the logon page. However, by
clicking on the “Protect” link, a 403 - Forbidden HTTP error was received.

The information from Geronimo log is as follows:

2010-10-19 11:04:11,888 WARN  [GenericHttpHeaderLoginmodule] An Unauthorized
attempt has been made to access the protected resource from host

Could anyone provide some advice on the issue. Thank you very much!


View raw message