tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <j...@kewlstuff.co.za>
Subject Re: Single sign on issue with Tomcat and Apache
Date Thu, 05 Jun 2008 00:17:00 GMT

----- Original Message ----- 
From: "André Warnier" <aw@ice-sa.com>
To: <users@tomcat.apache.org>
Cc: <sridharmnj@yahoo.co.in>
Sent: Thursday, June 05, 2008 1:06 AM
Subject: RE: Single sign on issue with Tomcat and Apache


> Hi.
>
> I saw your ongoing discussion, and maybe I can contribute something, but I 
> need some more info before.
>
> Here is what you explained before :
>
> a) You have one site "aaa.com" to which users access this way :
>
> user -------------------------------> tomcat aaa.com
>
> b) and another site "bbb.com" to which users access this way :
>
> 1) static content :
> user ------------------------------> Apache bbb.com
> 2) dynamic content :
> user -----> Apache ---> mod_jk ---> tomcat bbb.com
>
> Is it really like described above ?



Yes the exact architecture would help ;)

I understand it like this

browser ------------------> Tomcat on aaa.com
browser <----------------- Tomacat delivers web pages with links to 
bbb.com/image.jpg
browser -------------------> Apache on bbb.com with images and stuff (that 
wont authenticate)

Reason is browser will not return auth and cookies that belong to domain 
aaa.com to bbb.com

What (I think) may work is what you have indicated

user -----> Apache (bbb.com) ---> mod_jk ---> tomcat aaa.com

All links now to bbb.com and JK setup to talk to aaa.com

Images on Apache and servlet JKMounted on aaa.com

The browser will return Basic header and cookies... so I think Apache auth 
modules and tomcat on SingleSignOn will work.

All assuming this can be setup and if the images are hosted remotely that 
the Sp can set up JK etc.
But is webapp cannot be changed and images are hardcoded in servlet... I 
think he's snookered and probably has to lose authentication on Apache.
Thats how I understand it...

Maybe?


---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
--------------------------------------------------------------------------- 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message