tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Question on file
Date Tue, 25 May 2010 11:44:11 GMT
Savoy, Melinda wrote:
> Ranier,
> I do not want the user to get prompted at all.  I need this to work as a single sign-on
(seamless to the user).  Is that not possible?  I had tested where when I got the prompt then
I got the Domain\User name but I am needing to avoid the login dialog box altogether.
Rainer got prompted because he did this test on a "loose" XP 
workstation, and he was not yet logged into any domain.
If the workstation is part of a Windows domain, and the user already 
logged into the domain, there will be no extra prompt.

What Rainer did, was confirm that when conditions are right for IIS to 
authenticate, and the setup is right for this authentication to be 
passed to Tomcat, it is, and the gerRemoteUser() returns the logged-in id.

The issue you have, is in the basic setup of how some URLs are or are 
not passed to the "right" Tomcat worker.  I believe you have one 
"virtual website" or whatever IIS calls it, too many, and that the URLs 
that are of interest here are not being passed through the channel you 
think, and therefore either IIS does not authenticate these SCIMIS URLs 
(and consequently does not pass this authentication to Tomcat).

Can you tell us precisely :
- which URLs should be authenticated (give some examples)
- which sub-directories are present under the (tomcat-dir)/webapps 
directory  (where (tomcat-dir) is the top of your Tomcat installation.

Then we might be able to work out how the virtual websites and 
redirector should be configured to make this all work as it should.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message