tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Grabbing the user's info
Date Sun, 20 Nov 2011 12:09:00 GMT
Terence M. Bandoian wrote:
>  On 1:59 PM, chris derham wrote:
>>> But for _transparent_ authentication IIS is required as Christopher
>>> mentioned.
>>>
>>> That is not true. You can use SPNEGO to setup transparent authentication
>> directly to tomcat. You do not need IIS. This means that a browser 
>> accesses
>> a protected url on the server, and the server and browser "discuss" 
>> who the
>> user is, and then the application is presented with that information. 
>> This
>> discussion is transparent and involves no user interaction. This can be
>> done by default in IE and I believe chrome, but firefox is more secure so
>> needs to have explicitly have this authentication security enabled - by
>> default it is turned off to stop hackers falsely requesting the details
>> from a malicious server
>>
>> HTH
>>
>> Chris
> You might also consider using Waffle:
> 
>      http://waffle.codeplex.com/
> 
> which does not require IIS and supports NTLM and Kerberos.  I've used it 
> as a valve with Tomcat and believe it is also available as a filter.  
> Both Internet Explorer and Firefox have settings to enable or disable 
> automatic login.
> 
> A brief mention is made in the Tomcat docs:
> 
>     http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html
> 
You might also consider using Jespa (www.ioplex.com).  Not free, but very reasonably 
priced and works perfectly.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message