tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Terence M. Bandoian" <tere...@tmbsw.com>
Subject Re: Grabbing the user's info
Date Wed, 16 Nov 2011 21:02:41 GMT
  On 1:59 PM, chris derham wrote:
>> But for _transparent_ authentication IIS is required as Christopher
>> mentioned.
>>
>> That is not true. You can use SPNEGO to setup transparent authentication
> directly to tomcat. You do not need IIS. This means that a browser accesses
> a protected url on the server, and the server and browser "discuss" who the
> user is, and then the application is presented with that information. This
> discussion is transparent and involves no user interaction. This can be
> done by default in IE and I believe chrome, but firefox is more secure so
> needs to have explicitly have this authentication security enabled - by
> default it is turned off to stop hackers falsely requesting the details
> from a malicious server
>
> HTH
>
> Chris
You might also consider using Waffle:

      http://waffle.codeplex.com/

which does not require IIS and supports NTLM and Kerberos.  I've used it 
as a valve with Tomcat and believe it is also available as a filter.  
Both Internet Explorer and Firefox have settings to enable or disable 
automatic login.

A brief mention is made in the Tomcat docs:

     http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html

-Terence Bandoian


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message