tomcat-users mailing list archives

From "Terence M. Bandoian" <>
Subject Re: Grabbing the user's info
Date Wed, 16 Nov 2011 21:02:41 GMT
  On 1:59 PM, chris derham wrote:
>> But for _transparent_ authentication IIS is required as Christopher
>> mentioned.
>
> That is not true. You can use SPNEGO to set up transparent authentication
> directly to Tomcat. You do not need IIS. This means that a browser accesses
> a protected URL on the server, and the server and browser "discuss" who the
> user is, and then the application is presented with that information. This
> discussion is transparent and involves no user interaction. This can be
> done by default in IE and I believe Chrome, but Firefox is more secure so
> needs to explicitly have this authentication security enabled - by
> default it is turned off to stop hackers falsely requesting the details
> from a malicious server
> Chris
You might also consider using Waffle:

which does not require IIS and supports NTLM and Kerberos.  I've used it 
as a valve with Tomcat and believe it is also available as a filter.  
Both Internet Explorer and Firefox have settings to enable or disable 
automatic login.

A brief mention is made in the Tomcat docs:

-Terence Bandoian
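
The browser/server "discussion" described in the quoted message, and the NTLM-or-Kerberos choice mentioned in the reply, are both visible in the `Authorization` header the browser sends. As an added example (not part of the original thread, and not Waffle or Tomcat code), this Python function classifies which mechanism a client offered, so an operator can spot clients falling back to NTLM. The sample headers are constructed, and reading the first mechanism OID as the preferred one is a heuristic rather than a full ASN.1 parse.

```python
import base64
import struct

# DER-encoded mechanism OIDs (tag 0x06, length, value)
OID_SPNEGO = bytes.fromhex("06062b0601050502")        # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")    # 1.2.840.113554.1.2.2
OID_NTLM = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10

def classify_authorization(header_value):
    """Return (scheme, mechanism) for one Authorization header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme not in ("negotiate", "ntlm"):
        return scheme, "not-integrated-auth"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return scheme, "malformed"
    if token.startswith(b"NTLMSSP\x00") and len(token) >= 12:
        # Raw NTLM message; type 1 = negotiate, 3 = authenticate
        return scheme, "raw-ntlm-type%d" % struct.unpack_from("<I", token, 8)[0]
    if token[:1] == b"\x60":  # GSS-API initial token; mechanism OID follows the length
        if OID_SPNEGO in token[:16]:
            # Heuristic: the mechanism OID that appears first is the preferred one
            found = sorted((token.find(oid), name)
                           for name, oid in (("kerberos", OID_KRB5), ("ntlm", OID_NTLM))
                           if oid in token)
            return scheme, "spnego-" + (found[0][1] if found else "unknown")
        if OID_KRB5 in token[:16]:
            return scheme, "kerberos"
    if token[:1] == b"\xa1":  # SPNEGO NegTokenResp sent on later round trips
        return scheme, "spnego-continuation"
    return scheme, "unknown"

def tlv(tag, body):
    """DER tag-length-value, short-form length only (enough for the samples)."""
    return bytes([tag, len(body)]) + body

def constructed_samples():
    """Constructed header values for the demo; not captured traffic."""
    def spnego(*mechs):
        init = tlv(0xA0, tlv(0x30, tlv(0xA0, tlv(0x30, b"".join(mechs)))))
        return "Negotiate " + base64.b64encode(tlv(0x60, OID_SPNEGO + init)).decode()
    ntlm1 = base64.b64encode(b"NTLMSSP\x00" + struct.pack("<II", 1, 0)).decode()
    return {"krb_first": spnego(OID_KRB5, OID_NTLM), "ntlm_only": spnego(OID_NTLM),
            "raw_ntlm": "NTLM " + ntlm1, "basic": "Basic dXNlcjpwYXNz"}

if __name__ == "__main__":
    for name, value in constructed_samples().items():
        print(name, classify_authorization(value))
```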
