tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Shaver" <>
Subject IIS 5.0 - Jboss with Tomcat 5.5 - JK 1.2.15 - NTLM
Date Tue, 22 Aug 2006 20:06:00 GMT

Okay I have Jboss set up on my machine with a simple one page web app
that has an Active Directory security realm set up.  I have another
machine running IIS 5 with the isapi_redirect.dll installed as an ISAPI
filter to redirect the requests to Tomcat on my machine.  I can access
the web app via IIS, get prompted for a user name and password, the app
server validates me in the AD domain controller and send me the page; As
long as

1> the auth-method in the web.xml is BASIC
2> the IIS web server has Anonymous Access turned on
3> Integrated Windows Security Authentication turned off

To see what the configuration step are for this go to:

I now want to do the same thing but not have the user get prompted to
login by having the app server use the NTLM headers that IE sends with
the requests.  So I thought I could do this:

1> turn Integrated Windows Authentication on for the IIS web site.
2> set the auth-method to CLIENT-CERT in the web.xml
3> set tomcatAuthentication="false" in the tomcat server.xml file

However this doesn't work, does anyone have a clue what I should do

Scott A. Shaver


All information transmitted hereby is intended only for the use of the
addressee(s) named above and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution
of confidential and privileged information is prohibited. If the reader
of this message is not the intended recipient(s) or the employee or agent
responsible for delivering the message to the intended recipient, you are
hereby notified that you must not read this transmission and that disclosure,
copying, printing, distribution or use of any of the information contained
in or attached to this transmission is STRICTLY PROHIBITED.

Anyone who receives confidential and privileged information in error should
notify us immediately by telephone and mail the original message to us at
the above address and destroy all copies.  To the extent any portion of this
communication contains public information, no such restrictions apply to that
information. (gate01)

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message