Carlton Whitmore wrote:
> Andre,
> The only reason I think it's Tomcat because when we change the Tomcat version it seems
to affect the speed of the application (Tomcat 7 runs very slow, but no SSO errors; Tomcat
6 runs fast, but SSO errors). We're using Active Directory to authenticate. I guess it could
be SSL as well. I've change the domain controller, but that didn't affect the issue. Here
is the code we changed in the conf\web.xml file:
>
> <welcome-file-list>
> <welcome-file>index.html</welcome-file>
> <welcome-file>index.htm</welcome-file>
> <welcome-file>index.jsp</welcome-file>
> </welcome-file-list>
>
> <filter>
> <filter-name>NtlmHttpFilter</filter-name>
> <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> <init-param>
> <param-name>jcifs.http.domainController</param-name>
> <param-value>192.168.100.6</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.smb.client.domain</param-name>
> <param-value>advocacyinc</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.smb.client.username</param-name>
> <param-value>SQL_LegalFiles</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.smb.client.password</param-name>
> <param-value>>password</param-value>
> </init-param>
> <init-param>
> <param-name>jcifs.smb.lmCompatibility</param-name>
> <param-value>3</param-value>
> </init-param>
> <!-- ** needs reviewed to avoid domain Preauth check
> init-param>
> <param-name>jcifs.smb.client.ssnLimit</param-name>
> <param-value>1</param-value>
> </init-param>
> -->
> </filter>
> <filter-mapping>
> <filter-name>NtlmHttpFilter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
>
1) you do know that this NtlmHttpFilter is no longer developed or supported, and that it
will never support NTLM v2 (as is standard with Windows Vista, 7 and later), right ?
You should be thinking about switching to Jespa or Waffle.
2) anyway, the jCIFS filter can do quite extensive logs of what it does (see
jcifs.util.loglevel). You could try using that and check what it is telling you about the
failures.
3) when you mention "SSO failures", what do you mean exactly ? the browser popping up a
builtin authentication dialog ? or something else ?
And is the above your standard operational configuration, or a simplified one you are just
using for this test ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|