tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jill Han" <jill....@alverno.edu>
Subject RE: form based authentication
Date Wed, 22 Apr 2009 19:40:31 GMT
Some corrections on the previous email.
I should say 
When singleSignOn is commented, those tasks can be achieved if basic authentication as 
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>TEST</realm-name> 
  </login-config>
 is used.

-----Original Message-----
From: Jill Han 
Sent: Wednesday, April 22, 2009 2:12 PM
To: 'Tomcat Users List'
Subject: RE: form based authentication

There is single <Host> in server.xml
<Engine name="Catalina" defaultHost="localhost">
      ...
	<Realm className="org.apache.catalina.realm.JNDIRealm"
              debug="99"
              connectionName="****"
              connectionPassword="****"
              connectionURL="ldap://url:389"
              alternateURL="ldap://url:389"
              userBase="DC=AC"
              userSearch="(sAMAccountName={0})"
              userRoleName="memberof"
              roleBase="DC=AC"
              roleName="cn"
              roleSearch="(uniqueMember={0})"
              userSubtree="true"
              roleSubtree="false"
      />
     ...
      <Host name="localhost" appBase="webapps"
       unpackWARs="true" autoDeploy="true"
       xmlValidation="false" xmlNamespaceAware="false">        
        
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" debug="0"/>
        
      </Host>
</Engine>
What I want to do is all the applications have the same realm config in server.xml. When it
comes to the different 
Applications, the authentication will be performed based on application very own web.xml.
If the applications in the web.xml have the same <realm-name>, those applications just
need to be authenticated once.
If the applications in the web.xml have different <realm-name>, those applications need
to be authenticated separately.

Those tasks can be achieved if basic authentication as 
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>TEST</realm-name> 
  </login-config>
 is used.

-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com] 
Sent: Wednesday, April 22, 2009 12:12 PM
To: Tomcat Users List
Subject: RE: form based authentication

> From: Jill Han [mailto:jill.han@alverno.edu]
> Subject: RE: form based authentication
> 
> However, this makes authentication activated only once although the
> applications have different realms.

To quote from the SSO doc:

"All web applications configured for this virtual host must share the same Realm."

http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On

Can you separate the various <Realm>s by <Host>?  Or are you stuck with a single
<Host>?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

Mime
View raw message