tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Windows Authentication on Tomcat 7.0.37 and JRE 7u13 / 64-bit
Date Thu, 28 Feb 2013 11:15:45 GMT
Chris Fors wrote:
> 
> Trying to get Windows
> Authentication operational using the Tomcat Built-in method.  Implemented the following
but not
> observed any Windows / Kerberos authentication occuring: 
> 
> -      
> Domain joined
> windows member server
> 
> -      
> Domain service
> account
> 
> -      
> Delegated SPN for
> HTTP protocol on the member server to the service account
> 
> -      
> Generated keytab
> file for the service account and saved in $catalina.base\conf folder
> 
> -      
> Created Valve in context.xml of className org.apache.catalina.authenticator.SpnegoAuthenticator

> 
> -      
> Created krb5.ini and
> saved in $catalina.base\conf folder 
> 
> -      
> Created jaas.conf and
> saved in $catalina.base\conf folder 
> 
>  
> 
> After this still no observed
> effect on logon authentications – all still apparently anonymous.  
> 
>  Anyone had success with this ? Any ideas on what is missing?Is there a good way to
> debug the process? 
> 
> 

What is the OS platform ?

To debug the process : other than what you already did above, a network trace  with 
Wireshark or similar ? (should be SMB exchanges I suppose)

Another couple of questions :
- is the client workstation that accesses the Tomcat server, itself in the Domain to which

you are trying to authenticate ?
- from the point of view of that workstation and its browser, is that Tomcat server 
considered as inside the Domain, or at least "trusted" ?
(because if not, then the browser will not even /try/ to use WIA authentication)



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message