tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Ivanov <andrei.iva...@gmail.com>
Subject Re: How to configure SPNEGO authentication with fallback to FORM auth?
Date Mon, 04 Jul 2016 12:19:38 GMT
Hi Ken,
Would you mind posting the patch? :-)

On Thu, Jun 30, 2016 at 3:52 PM, ken edward <kedward777@gmail.com> wrote:
> I did get it to work. Simply merged existing spnego and form auth valves
> together, I will try to post later..
>
> On Fri, Jun 24, 2016 at 6:21 PM, Terence M. Bandoian <terence@tmbsw.com>
> wrote:
>
>> On 6/24/2016 10:45 AM, ken edward wrote:
>>
>>> On Fri, Jun 24, 2016 at 11:26 AM, Mark Thomas <markt@apache.org> wrote:
>>>
>>> On 24/06/2016 16:17, ken edward wrote:
>>>>
>>>>> On Fri, Jun 24, 2016 at 10:46 AM, Mark Thomas <markt@apache.org>
wrote:
>>>>>
>>>>> On 24 June 2016 14:22:32 BST, ken edward <kedward777@gmail.com>
wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I have tomcat 8 on linux, configured with kerberos/SPNEGO
>>>>>>> authentication.
>>>>>>> All works well, but if the client cannot use kerberos to authenticate,
>>>>>>> it
>>>>>>> will not fallback to FORM authentication.
>>>>>>>
>>>>>>> I see some references that tomcat 8 does not do fallback negotiation
>>>>>>> for
>>>>>>> FORM auth. True?
>>>>>>>
>>>>>> Yes
>>>>>>
>>>>>> Any workarounds?
>>>>>>>
>>>>>> Nothing simple. Both SPNEGO and FORM have their complications. You'll
>>>>>>
>>>>> need
>>>>
>>>>> to code some form of custom solution.
>>>>>>
>>>>>> Have a look in the archives. This has come up before and I think
there
>>>>>>
>>>>> is
>>>>
>>>>> some sample code that might get you most of the way there.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I had already searched the mail archives, and did not see any sample
>>>>>
>>>> code.
>>>>
>>>>> If anyone has any insight, please do post some code fragments.
>>>>>
>>>> I was thinking of this:
>>>> http://wiki.apache.org/tomcat/SSLWithFORMFallback
>>>>
>>>> Not quite what you are looking for but it might help.
>>>>
>>>>
>>>> I guess I need to extend the SPNEGO valve code in tomcat 8 to handle
>>> fallback to FORM auth, similar to SSLWIthFORMFallback. aaarg. Such a
>>> simple
>>> and essential use case. Perplexing that it is not implemented.
>>>
>>>
>>
>> If you get it working, you might consider submitting a patch.  Doing so
>> might save someone else from cursing under their breath.
>>
>> -Terence Bandoian
>> http://www.tmbsw.com/
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message