tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Windwos Integrated Authentication using AD and Tomcat (no prompt to the users)
Date Sun, 13 Sep 2009 11:27:47 GMT
Quick answer :

Look at, Jespa.

Derlei Luff wrote:
> Hi all,
> I’m new to Tomcat and normally work in a Microsoft Windows world. I’ve stumbled into
a problem using Tomcat as a web server, that I’m sure there is a simple solution for though
I can’t find it. I’m sure it works if I use a MS IIS server instead of a Tomcat server
at least. I hope some of you more experienced users of Tomcat can either point me in the right
direction or perhaps come up with the conclusion J
> My problem is:
> I have a running Active Directory which holds the users and groups. I have a Windows
XP client, which is member of the Active Directory domain. If a users logs into the client
using he’s username and password and then open Internet Explore I would like him to gain
access to a web page hosted on the Tomcat server. The problem is that the Tomcat server shall
validate the user’s Active Directory credentials and the credentials should be sent to Tomcat
without user interaction. In other words I want “Windows Integrated Authentication” from
the MS world, so that Internet Explore takes the users credentials and send them to the Tomcat
server (Kerberos). So far I can only get this to work if Internet Explorer prompts the users
for he’s credentials (Basic Authentication). 
> In other words I want to archive this:
> ·         Users logs onto the Windows XP computer using he’s username and password
> ·         User opens Internet explorer and write the URL to the page hosted on the Tomcat
> ·         Internet Explore sends the users username and password automatically to tomcat
> ·         The Tomcat validates the user’s credentials and accepts the request.
> This is some form of Single Sign On and I know it works if I use IIS instead of Tomcat.
> I’ve found several guides on the net, but no one which tells me if this is possible
or not. Hope some of you of you can point me in the right direction, but perhaps I have to
use a third part application to archive this??
> Thanks in advance,
> Derlei

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message