tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lucia Moreno Lopez <>
Subject RE: how to integrate Shibboleth and Tomcat
Date Wed, 05 Nov 2008 15:13:18 GMT

Yes, I am using httpd in front. 

To perform Shibboleth authentication, we are using Apache httpd to front
the Tomcat servlet environment. The Shibboleth service provider installs
as an Apache module (mod_shib) and a supporting daemon process (shibd).
The Apache server communicates with Tomcat using AJP/1.3 protocol via
the JK connector. 

The above configuration is sufficient for Tomcat servlets to be able to
retrieve the authenticated username using request.getRemoteUser(), but
does not of itself establish servlet invocation as being authenticated. 

For this, it is necessary to place a <security-constraint> on the
context URI that is used to invoke the servlet. This is done in the web
applications web.xml file. 

I was wondering if there is already something developed for this (JASS
realm, etc).

Thanks again,

-----Original Message-----
From: Lucia Moreno Lopez 
Sent: Wednesday, November 05, 2008 3:23 PM
To: ''
Subject: how to integrate Shibboleth and Tomcat

I need to integrate Shibboleth and Tomcat. 
We are using tomcat 5.5.23, mod_jk connector 1.2.23 and the reference
implementation of Shibboleth version 2.0. We're running on a Linux
RedHat Enterprise environment.

Do you know any JAAS realm open source implementation or any other way
to implement authentication in tomcat using shibboleth?

Thanks in advance for your help,

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message