tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Single Sign-On problems
Date Mon, 16 Aug 2010 07:43:10 GMT
Carlton Whitmore wrote:
> Andre,
> The only reason I think it's Tomcat because when we change the Tomcat version it seems
to affect the speed of the application (Tomcat 7 runs very slow, but no SSO errors; Tomcat
6 runs fast, but SSO errors). We're using Active Directory to authenticate. I guess it could
be SSL as well. I've change the domain controller, but that didn't affect the issue. Here
is the code we changed in the conf\web.xml file:
>  
>  <welcome-file-list>
>         <welcome-file>index.html</welcome-file>
>         <welcome-file>index.htm</welcome-file>
>         <welcome-file>index.jsp</welcome-file>
>     </welcome-file-list>
>  
>    <filter>
>      <filter-name>NtlmHttpFilter</filter-name>
>      <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>      <init-param>
>          <param-name>jcifs.http.domainController</param-name>
>          <param-value>192.168.100.6</param-value>
>      </init-param>
>      <init-param>
>          <param-name>jcifs.smb.client.domain</param-name>
>          <param-value>advocacyinc</param-value>
>      </init-param>
>      <init-param>
>          <param-name>jcifs.smb.client.username</param-name>
>          <param-value>SQL_LegalFiles</param-value>
>      </init-param>
>      <init-param>
>          <param-name>jcifs.smb.client.password</param-name>
>          <param-value>>password</param-value>
>      </init-param>
>      <init-param>
>          <param-name>jcifs.smb.lmCompatibility</param-name>
>          <param-value>3</param-value>
>      </init-param>
>     <!-- ** needs reviewed to avoid domain Preauth check
>     init-param>
>         <param-name>jcifs.smb.client.ssnLimit</param-name>
>         <param-value>1</param-value>
>     </init-param>
>     -->
> </filter>
> <filter-mapping>
>     <filter-name>NtlmHttpFilter</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>
> 
>  

1) you do know that this NtlmHttpFilter is no longer developed or supported, and that it 
will never support NTLM v2 (as is standard with Windows Vista, 7 and later), right ?
You should be thinking about switching to Jespa or Waffle.

2) anyway, the jCIFS filter can do quite extensive logs of what it does (see 
jcifs.util.loglevel).  You could try using that and check what it is telling you about the

failures.

3) when you mention "SSO failures", what do you mean exactly ? the browser popping up a 
builtin authentication dialog ? or something else ?
And is the above your standard operational configuration, or a simplified one you are just

using for this test ?



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message