httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thompson, Neil" <Neil.Thomp...@shepway.gov.uk>
Subject [users@httpd] Subject: Single sign-on with multiple Tomcats served via one Apache httpd server
Date Tue, 28 Mar 2006 12:07:26 GMT
Hi there!

Configuration:
a. Apache httpd 2.0 server (IP0, port 80) with some content served from /cms
b. Worker to a Tomcat 4.1 running on a separate box (IP1:8080) mapped to /app1
c. Anpother worker to another Tomcat 5.5 running on separate box (IP2:8080) mapped to /app2

Both Tomcats are using the same configuration for security realm (pointing to the same DataSource
parameters of course):

      <Realm className=" org.apache.catalina.realm.DataSourceRealm"
          dataSourceName="jdbc/default"
          debug="99"
          userTable="corporate.dbo.t_userlogin"
          userNameCol="c_username" 
          userCredCol="c_password"
          userRoleTable="corporate.dbo.t_userpermission"
          roleNameCol="c_rolename"
          digest="md5"/>

and have their Single Sign-on valve turned on: 

        <Valve className="org.apache.catalina.authenticator.SingleSignOn" debug="0"/>

However, if you're required to authenticate to access say, /app1/aSecure.jsp, you will be
asked to authenticate again to access say, /app2/anotherSecure.jsp, though from the user point
of view, this is the same username/password on the same URL. 

Is there a way to carry over the single sign-on from each Tomcat to the Apache server, so
that /app2/anotherSecure.jsp can trust the authentication done while visiting /app1/aSecure.jsp,
or should this be done in a completely different way? 

We have to keep those two separate Tomcats (distinct hardware, different versions, performance
issues).

Thanks for your help!




Neil Thompson
Analyst/Programmer
Systems Development
ICT Services 
Shepway District Council, Folkestone, Kent.
Direct Tel:  01303 853340
Direct Fax: 01303 245978
E-Mail: neil.thompson@shepway.gov.uk  <mailto:neil.thompson@shepway.gov.uk> 
Website: www.shepway.gov.uk <http://www.shepway.gov.uk/> 

     
  _____  

The contents and any attachments of this e-mail message are confidential and intended only
for the named addressees. 
If you have received it in error, please advise the sender immediately by return email and
then delete it from your system.
Any unauthorised distribution, or copying of this transmission, or mis-use or wrongful disclosure
of information contained in it, is strictly prohibited.
Shepway District Council cannot accept liability for any statements made which are clearly
the sender's own and not expressly made on behalf of the council." 
  _____  

---------------------------------------------------------
Scanning of this message and addition of this footer has 
been performed by Shepway District Council with email
filtering and virus detection software.
---------------------------------------------------------

Mime
View raw message