tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kenneth Westelinck" <>
Subject RE: single login form for single sign on
Date Thu, 22 Mar 2001 08:57:45 GMT

I haven't followed your discussion, so if I'm out of line here don't shoot 
I'm using Apache 1.3.19 together with Tomcat 3.2.1 . The website I'm using 
is secured with a single login. The configuration to do this looks like:

# secure the site
<Location "/*">
	deny from all
	AuthType Basic
	AuthUserFile "/a path/http-passwd"
	AuthName "/"
	require valid-user
	satisfy any

So, if any user browses to http://myhost/ a loging pops up and the user has 
to provide a name and password.

I hope this helps anyone.


Kenneth Westelinck

>From: <>
>Subject: RE: single login form for single sign on
>Date: Thu, 22 Mar 2001 08:34:26 -0000
> > > So in essense the question is: Is there a way to specify a
> > "global" login
> > > and error page that will be used by all webapps?
> > >
> >
> > No.  Each web application is still a stand-alone entity.
> >
> > What single sign on support does for you is remember that
> > you've signed on
> > already.  You are still using whatever login mechanism is
> > defined for each
> > individual web app.  They don't even have to all use the same approach
> > (some could be BASIC, some could be FORM, for example).
> >
>What's the thinking behind this? Single sign on would imply having, at 
>the option of having a single login page, even if an individual web
>application could override the default and provide its own (for instance I
>guess webdav can't use FORM, so would have to override a FORM default to 
>Having to define login for each we application:
>1. provides a maintenance problem if you do want a common login page across
>all webapps
>2. begins to enter into "using my password for something I haven't approved
>it to be used for" teritory. i.e. the login page says you are logging into
>webapp1, but in fact your login will be used for webapp2. A single login
>page would tell you you are logging into both.
>Hence my initial question - is this just the way it has been done, or does
>the Spec say it must be done that way etc.?
>Many thanks
>Tim Dudgeon <>
>DISCLAIMER: This message contains proprietary
>information some or all of which may be
>confidential and/or legally privileged. It is for
>the intended recipient only who may use and apply
>the information only for the intended purpose.
>Internet communications are not secure and
>therefore the British Biotech group does not
>accept legal responsibility for the contents of
>this message. Any views or opinions presented are
>only those of the author and not those of the
>British Biotech group. If you are not the intended
>recipient please delete this e-mail and notify the
>author immediately by calling ++44 (0)1865 748747;
>do not use, disclose, distribute, copy, print or
>rely on this e-mail.

Get Your Private, Free E-mail from MSN Hotmail at

View raw message