tomcat-users mailing list archives

From Gary Gwin <tom...@cafesoft.com>
Subject Re: Authentication Practices
Date Fri, 16 May 2003 18:12:20 GMT
Danox,

BASIC and DIGEST authentication are similar, the difference being that 
DIGEST requires the client to hash a password before sending it. BASIC 
does everything in cleartext. BASIC and DIGEST authenticate against an 
"origin server", and will not solve your multi-server single sign-on 
problem.

	http://www.ietf.org/rfc/rfc2617.txt

One solution would be to use a proxy. For example, you could configure 
Apache on the Tomcat box with mod_jk, and use Apache security and the 
Apache Proxy feature to pass requests to the Domino server. In this 
configuration, you would lose access within Tomcat to the servlet 
security APIs (e.g., request.isUserInRole() . . .).

Gary

danox wrote:
> OK this is not a pure tomcat question, but hopefully it will be known by 
> someone here.
> 
> I am working on moving a current application written for the Domino 
> platform to a Tomcat platform. For various reasons, we have decided to 
> do this piece by piece. Thus we will have a domino instance running on 
> one server and a tomcat instance running on another server.
> 
> The issue that I have is with authentication. I have been able to make 
> tomcat authenticate from the same source as Domino, however when a 
> person jumps from the domino server to the tomcat server, or vice versa, 
> they must authenticate twice.
> 
> I need to find a way to make the browser send the same authentication 
> details to both servers. I have been reading up on HTTP authentication, 
> and I believe that this is possible to do with digest authentication (as 
> opposed to basic), but my experiments with this have so far failed. Has 
> anyone had any experience setting up tomcat to validate seamlessly with 
> another type of server using digest authentication, or some other method?
> 
> Thanks in advance.
> 
> Danox
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 

-- 

Gary Gwin
http://www.cafesoft.com

*****************************************************************
*                                                               *
*   The Cafesoft Access Management System, Cams, is security    *
*   software that provides single sign-on authentication and    *
*   centralized access control for Apache, Tomcat, and custom   *
*   resources.                                                  *
*                                                               *
*****************************************************************
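
An added example (not part of the original message) of the RFC 2617 computations discussed above: it builds a BASIC header and a DIGEST response, then checks one DIGEST response against two servers' challenges to show that it only validates at the origin server that issued the realm and nonce. The first challenge and credentials are the worked example from RFC 2617; the second server's realm and nonce, and the names `CHALLENGE_A`, `CHALLENGE_B`, `server_accepts` and `demo`, are constructed for illustration.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    """RFC 2617 section 2: base64("user:password"), identical for every server."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 section 3.2.2.1 request-digest for qop=auth, algorithm=MD5."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")   # bound to the server's realm
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")  # bound to its nonce


def server_accepts(challenge, user, password, method, uri, nc, cnonce, response):
    """Server-side check: recompute with the realm and nonce this server issued."""
    expected = digest_response(user, challenge["realm"], password, method, uri,
                               challenge["nonce"], nc, cnonce)
    return hmac.compare_digest(expected, response)


# Challenge A: values from the worked example in RFC 2617 section 3.5.
CHALLENGE_A = {"realm": "testrealm@host.com",
               "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093"}
# Challenge B: constructed values standing in for a second, independent server.
CHALLENGE_B = {"realm": "second-server-realm",
               "nonce": "00112233445566778899aabbccddeeff"}


def demo():
    """Answer server A's challenge, then present the same response to both servers."""
    args = ("Mufasa", "Circle Of Life", "GET", "/dir/index.html",
            "00000001", "0a4f113b")
    resp = digest_response("Mufasa", CHALLENGE_A["realm"], "Circle Of Life", "GET",
                           "/dir/index.html", CHALLENGE_A["nonce"],
                           "00000001", "0a4f113b")
    return (server_accepts(CHALLENGE_A, *args, resp),
            server_accepts(CHALLENGE_B, *args, resp))


if __name__ == "__main__":
    print(basic_header("Aladdin", "open sesame"))
    print(demo())
```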
