tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier (tomcat)>
Subject Re: Multiple authentication methods? Fallback from keycloak saml to basic/form auth?
Date Wed, 23 Aug 2017 20:43:26 GMT
On 23.08.2017 16:51, ken edward wrote:
> Hello,
> I have tomcat value for authentication implemented and working
> (keycloak saml tomcat adapter). but how can I implement a fallback to
> form/basic authentication? Can I chain auth valves?

Not really my area, but since nobody else seems to respond, I'll tell you what I believe :

 From the Valve documentation (at I see nothing that would 
indicate that Valves cannot be chained.
In fact, it is rather the opposite, implicitly : some of the listed Valves would not make

sense if they did not allow another Valve to be inserted also (such as the AccessLog Valve).

But I also do not see any explicit mention of what happens when several Valves are defined

in the same "configuration scope" (such as : in what order are they "executed", compared 
to the order in which they are listed in the configuration), which may be of importance to

you. (Obviously, you'd want a Form/Basic auth to be invoked only if your other Valve fails

first, and not before your own Valve).

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message