tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Grabbing the user's info
Date Sun, 20 Nov 2011 12:09:00 GMT
Terence M. Bandoian wrote:
>  On 1:59 PM, chris derham wrote:
>>> But for _transparent_ authentication IIS is required as Christopher
>>> mentioned.
>>> That is not true. You can use SPNEGO to setup transparent authentication
>> directly to tomcat. You do not need IIS. This means that a browser 
>> accesses
>> a protected url on the server, and the server and browser "discuss" 
>> who the
>> user is, and then the application is presented with that information. 
>> This
>> discussion is transparent and involves no user interaction. This can be
>> done by default in IE and I believe chrome, but firefox is more secure so
>> needs to have explicitly have this authentication security enabled - by
>> default it is turned off to stop hackers falsely requesting the details
>> from a malicious server
>> HTH
>> Chris
> You might also consider using Waffle:
> which does not require IIS and supports NTLM and Kerberos.  I've used it 
> as a valve with Tomcat and believe it is also available as a filter.  
> Both Internet Explorer and Firefox have settings to enable or disable 
> automatic login.
> A brief mention is made in the Tomcat docs:
You might also consider using Jespa (  Not free, but very reasonably 
priced and works perfectly.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message