httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From George Schlossnagle <>
Subject Re: [users@httpd] Architecture
Date Tue, 16 Sep 2003 14:38:10 GMT

On Tuesday, September 16, 2003, at 10:06  AM, SAQIB wrote:
> On Tue, 16 Sep 2003, Philippe Waltregny wrote:
>> Hello,
>> I would like to set the following architecture :
>> 	- a Web server (Apache) to handle static content, both public
>> and private,
>> 	- an application server (WebSphere and/or Tomcat) as a  Web
>> container.
>> The security constraints are to allow :
>> - the switch between HTTP-HTTPS, HTTP for public resources, HTTPS for
>> login and for private resources,
>> - the single sign-on for Web and Application server, meaning that once
>> identified either by the Web server or by the application server you
>> don’t have to perform any other authentication.
>> - A LDAP server will be used as user registry.
>> 1) How to exchange authentication or session information between the 
>> Web
>> Server and the application server ?

Assuming they are operating under the same domain, session information 
can be shared with domain cookies quite easily.

>> 2) How to achieve the HTTP-HTTPS switch ?

with cookies this switch won't affect your auth.

>> 3) Have you any Apache-WebSphere-Tomcat configuration files or code
>> samples to do it?
>> 4) Is there any open-source software like IBM Tivoli Access Manager
>> which handles the whole security of a Web site ?

Bunches.  Most opensource cms solutions will have one built in.  There 
is at least one (LiveUser) in PHP's PEAR repository.  If you want it in 
Java I can't provide you any links, but there should be resources there 
as well.

If you want single signon across more than one domain, it's a bit more 

pubcookie ( is an opensource multi-domain 
single signon system developed at UWashington.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message