httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregor Schneider" <>
Subject Re: [users@httpd] How to manage single sign on with apache
Date Mon, 25 Dec 2006 11:02:51 GMT
Hi Meir,

we are not using LDAP.

The principle of our solution is as follows:

We have written a simple Servlet, that gets authenticated by Tomcat
via FormLogin.
The Servlet will then read the Cookie JSSOSessionID and will write the
contents of this Cookie into the MySQL-DB specified by
All the static content is served by Apache httpd, and the static
content requires a valid user. Now Apache takes a look into the MySQL
via mod_auth_cookie_mysql, checks if the stored cookie is available,
and voilĂ : User is authorized.

Dynamic webapps are protected by Tomcat only, and since we are using
the SingleSignOnValve, access is granted after the user has initially
been authorized by the SingleSignOn-servlet.

Sure, you'll have to think about a few things (i.e. expiry in MySQL
should be equal to Tomcat's session-timeout etc.), but that's not too

Hope that gives you the idea.

Coming to Sun's framework:

Take a look at - if you want to utilize
LDAP, you might want give it a shot. However, for our purposes it was
way to oversized.


what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message