tomcat-users mailing list archives

From David Smith <d...@cornell.edu>
Subject Re: Single sign on issue with Tomcat and Apache
Date Tue, 03 Jun 2008 23:56:11 GMT
I'll first admit that I've never used single sign-on, so most of this is 
educated conjecture on my part.  Hopefully it'll spark some discussion 
in the right direction.

You're right -- jvm version is not going to make a difference with the 
issue you are seeing.  Plus upgrading the jvm may break the nine year 
old app -- an excellent case to be made to your client/boss for 
rewriting/upgrading the old app.

The real problem is how the single sign-on id is getting from aaa.com to 
bbb.com.  Cookies won't work as the browser won't return a cookie for 
aaa.com to bbb.com.  That's a security problem if it does.  That leaves 
URL rewriting.  Are you doing anything to make sure the URLs for bbb.com 
have the single sign-on id in the url?  Seems like that's the only way 
for bbb.com to know it's getting a request from a previously 
authenticated user.

--David

sridharmnj wrote:
> I hope you did not observe the following lines from my post.
>   
>> bbb.com is an old project which was developed around 9 yrs ago and I am
>> not allowed to modify/reengineer the architecture. 
>>     
>
> It is successfully running on those versions in production and the client
> does not want to upgrade versions for the time being. I don't think that the
> java version is creating any problem. Do you think so???
>
> My problem is not related to Java version upgrades and it's out of scope for
> discussion here. I am sure a Java version update alone does not solve the
> issue.
>
>
> Propes, Barry L wrote:
>   
>> and you're stuck on Java 1.3.1 and cannot go forward?
>>
>>
>> -----Original Message-----
>> From: sridharmnj [mailto:sridharmnj@yahoo.co.in]
>> Sent: Tuesday, June 03, 2008 4:17 PM
>> To: users@tomcat.apache.org
>> Subject: RE: Single sign on issue with Tomcat and Apache
>>
>>
>>
>> Apache 2.0.50
>> Tomcat 5.0.27
>> Java 1.3.1
>>
>>
>> Propes, Barry L wrote:
>>     
>>> what versions are you using? Of each?
>>>
>>> -----Original Message-----
>>> From: sridharmnj [mailto:sridharmnj@yahoo.co.in]
>>> Sent: Tuesday, June 03, 2008 3:52 PM
>>> To: users@tomcat.apache.org
>>> Subject: Single sign on issue with Tomcat and Apache
>>>
>>>
>>>
>>> Hi,
>>> I am integrating two websites using single sign on. I have two sites,
>>> namely aaa.com and bbb.com.
>>>
>>> When a user navigates from aaa.com, as he is already authenticated in it,
>>> he should be allowed to bbb.com without asking the credentials again. This
>>> is my requirement.
>>>
>>> aaa.com is based on Tomcat Form based authentication and working fine.
>>>
>>> bbb.com's static data is deployed on apache and it requires apache BASIC
>>> authentication (httpd, and .htaccess). And dynamic data is deployed on
>>> Tomcat and based on Tomcat BASIC authentication.
>>>
>>> If I access static data of bbb.com, it first asks for credentials (using
>>> a popup), authenticates using mod_auth_mysql, and once the user is
>>> authenticated, it is storing credentials in browser cache. When I
>>> navigate to dynamic content which is in tomcat, it's still working without
>>> asking credentials twice. (I ensured that <realm-name> in web.xml and
>>> AuthName in .htaccess file are the same).
>>>
>>> I enabled SingleSignOn valve in server.xml file, and am trying to access
>>> bbb.com from aaa.com. When I try to access dynamic data of bbb.com from
>>> aaa.com, as both are based on Tomcat security, they are sharing the
>>> browser cached credentials. (Though one is based on form and another is
>>> based on basic authentication model). But, when I try to access bbb.com's
>>> static data (which is in apache) from aaa.com, it's asking credentials
>>> again, using a popup.
>>>
>>> bbb.com is an old project which was developed around 9 yrs ago and I am
>>> not allowed to modify/reengineer the architecture.
>>>
>>> Could anyone please guide me in the right direction. I appreciate your help.
>>>
>>> Thanks,
>>> Sridhar 
>>> -- 
>>> View this message in context:
>>> http://www.nabble.com/Single-sign-on-issue-with-Tomcat-and-Apache-tp17633391p17633391.html
>>> Sent from the Tomcat - User mailing list archive at Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To start a new topic, e-mail: users@tomcat.apache.org
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>> -- 
>> View this message in context:
>> http://www.nabble.com/Single-sign-on-issue-with-Tomcat-and-Apache-tp17633391p17633917.html
>> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>   
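
Added example, not part of the original message: a simplified model of the browser cookie rules (RFC 6265 domain matching) behind the reply's point that a cookie for aaa.com is not returned to bbb.com. The host names www.aaa.com and www.bbb.com and the cookie value are constructed; JSESSIONIDSSO is the cookie name Tomcat's SingleSignOn valve uses.

```javascript
// Simplified RFC 6265 handling: no public-suffix list, no Path/Secure/expiry checks.

// Section 5.1.3: host matches domain if identical, or if host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase().replace(/^\./, "");
  return host === domain || host.endsWith("." + domain);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Store a cookie set by originHost. Returns false when the browser would reject it.
  store(originHost, name, value, domainAttr) {
    if (domainAttr) {
      // A server may only set a Domain attribute that covers its own host name.
      if (!domainMatch(originHost, domainAttr)) return false;
      const domain = domainAttr.toLowerCase().replace(/^\./, "");
      this.cookies.push({ name, value, domain, hostOnly: false });
    } else {
      // No Domain attribute: host-only cookie, returned to the exact host only.
      this.cookies.push({ name, value, domain: originHost.toLowerCase(), hostOnly: true });
    }
    return true;
  }

  // Build the Cookie header value the browser would send to requestHost.
  headerFor(requestHost) {
    const host = requestHost.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? c.domain === host : domainMatch(host, c.domain)))
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

function demo() {
  const jar = new CookieJar();
  // Constructed sample: SSO cookie issued after the form login on www.aaa.com.
  jar.store("www.aaa.com", "JSESSIONIDSSO", "SAMPLE1234", null);
  // aaa.com trying to scope the cookie to the other site is refused by the browser.
  const crossSiteAccepted = jar.store("www.aaa.com", "JSESSIONIDSSO", "SAMPLE1234", "bbb.com");
  return {
    toAaa: jar.headerFor("www.aaa.com"),   // SSO cookie is sent back to aaa.com
    toBbb: jar.headerFor("www.bbb.com"),   // nothing is sent to bbb.com
    crossSiteAccepted,
  };
}
```

If the single sign-on id is carried in the URL instead, it ends up in access logs and Referer headers, so it should be short-lived and accepted only once.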

