tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cenk Oguz <c...@bredband.net>
Subject Re: mod_spnego SingleSignOn over mod_jk
Date Wed, 02 Jan 2008 13:32:27 GMT
Hey Rainer!

On Wed, Jan 02, 2008 at 07:39:49AM +0100, Rainer Jung wrote:
> Hi Cenk,
> 
> For me the mod_spnego code looks like it only set the usual
> authenticated user var, so the name of the user will be available for
> the webapp only by using request.getRemoteUser() and not via an http header.

Yes I got that impression. I was thinking that perhaps the RequestHeader directive from mod_headers
could be used to set a REMOTE_USER header, using the REMOTE_USER variable that mod_spnego
should have set. 

But it seems to be a question of timing, needing authentication to have taken place and the
REMOTE_USER variable to have been set before RequestHeader actions take place. I will simply
have to test this out when I have time.

> 
> > Also, will autentication take place before mod_jk forwards the
> > request? If mod_jk acts before autentication there is no point in
> > proceding with this.
> 
> It looks like the two modules play nicely together. mod_spnego only uses
> the auth slots and mod_jk totally ignores those. That should be fine.
> 
> You shoulkd check, if mod_spnego does work fine with <Location>
> directives and not only with <Directory>. I would expect that, but the
> docs are not clear about it.

Looking at forum messages at sf mod_spnego site it seems that Location directives worked out
whereas Directory directives did not.

Thanks!
Cenk

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message