tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cenk Oguz <>
Subject Re: mod_spnego SingleSignOn over mod_jk
Date Wed, 02 Jan 2008 13:32:27 GMT
Hey Rainer!

On Wed, Jan 02, 2008 at 07:39:49AM +0100, Rainer Jung wrote:
> Hi Cenk,
> For me the mod_spnego code looks like it only set the usual
> authenticated user var, so the name of the user will be available for
> the webapp only by using request.getRemoteUser() and not via an http header.

Yes I got that impression. I was thinking that perhaps the RequestHeader directive from mod_headers
could be used to set a REMOTE_USER header, using the REMOTE_USER variable that mod_spnego
should have set. 

But it seems to be a question of timing, needing authentication to have taken place and the
REMOTE_USER variable to have been set before RequestHeader actions take place. I will simply
have to test this out when I have time.

> > Also, will autentication take place before mod_jk forwards the
> > request? If mod_jk acts before autentication there is no point in
> > proceding with this.
> It looks like the two modules play nicely together. mod_spnego only uses
> the auth slots and mod_jk totally ignores those. That should be fine.
> You shoulkd check, if mod_spnego does work fine with <Location>
> directives and not only with <Directory>. I would expect that, but the
> docs are not clear about it.

Looking at forum messages at sf mod_spnego site it seems that Location directives worked out
whereas Directory directives did not.


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message