tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: Can I use single signon over multiple Tomcat instances?
Date Fri, 09 Nov 2001 16:34:25 GMT


On Fri, 9 Nov 2001, Robert Watkins wrote:

> Date: Fri, 9 Nov 2001 12:32:30 +1000
> From: Robert Watkins <robert.watkins@qsipayments.com>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: "'tomcat-user@jakarta.apache.org'" <tomcat-user@jakarta.apache.org>
> Subject: Can I use single signon over multiple Tomcat instances?
>
> Hi.
>
> We've got a web-based application, which for a variety of reasons runs over
> multiple TomCat instances (different parts on different boxes, basically). I
> don't want to go into those reasons right now, but suffice to say they
> exist.
>
> The standard installation that we have is a single Apache server, which
> delegates work to Tomcat instances based on the URL provided, all configured
> in the worker.properties. Currently, this is using Tomcat 3.2.3, but we plan
> to move to Tomcat 4.0.1 "soonish".
>
> We would like to use the single-sign-on capability of Tomcat 4.0. I
> understand from reading the docs and searching the archive of the mailing
> list that single-sign-on works only within a single virtual host.
>

That is correct.

> What I would like to know is: can a single virtual host span multiple Tomcat
> instances? And, if so, how? I was unable to find an answer to this in the
> mailing list logs at all.
>

Tomcat 4 doesn't currently support this.

One possible approach would be to set up a set of "proxy" webapps, all
within a single virtual host so that you could use Single Sign On support
across the proxies.  The proxy apps would simply retransmit the request on
to the real app, and return the response back to the user.  However, the
user's identity in this scenario is only known to the front end machine --
you would have to use some other technique to propogate the identity on to
the proxied apps.  (This isn't too tough if you use BASIC authentication,
but can get more complicated in other scenarios.)


> Thanks in advance,
>
> Robert.
>

Craig


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message