tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From eborisow <>
Subject Question about Tomcat/IIS and NTLM authentication
Date Mon, 21 Jan 2008 13:38:45 GMT


I am using Tomcat 5.5 and have successfully setup a Realm containing
users/groups from my Active Directory domain.  I can login (to the /manager
app, for example) with no problem.  Now, I would like to use IIS and NTLM
authentication so the user is not prompted for login.  I have unchecked the
anonymous access in IIS.  On the Tomcat side, I can see the user data coming
from IIS.  Here is the problem...  the user principal that is passed by IIS
is <my-domain>\<username>.  Unfortunately, through LDAP, there is no
attribute that contains that value.  The username matches the samAccountName
in AD, but that's about it.  So, my question is... how can I remove the
domain name from what Tomcat is getting or somehow be able to manipulate the
incoming user name prior to the Realm search?

If someone has been able to get this working and could provide some help,
that would be great.

View this message in context:
Sent from the Tomcat - User mailing list archive at

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message