From users-return-265560-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org Wed Sep 19 13:57:12 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 02055180621 for ; Wed, 19 Sep 2018 13:57:11 +0200 (CEST) Received: (qmail 86613 invoked by uid 500); 19 Sep 2018 11:57:10 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 86602 invoked by uid 99); 19 Sep 2018 11:57:10 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Sep 2018 11:57:10 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 8CC01C208E for ; Wed, 19 Sep 2018 11:57:09 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.001 X-Spam-Level: X-Spam-Status: No, score=-0.001 tagged_above=-999 required=6.31 tests=[RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id t2-EuijeAghf for ; Wed, 19 Sep 2018 11:56:32 +0000 (UTC) Received: from thor.wissensbank.com (thor.wissensbank.com [81.169.250.120]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id AFF445FB78 for ; Wed, 19 Sep 2018 11:56:31 +0000 (UTC) Received: from thor.wissensbank.com (localhost [127.0.0.1]) by thor.wissensbank.com (Postfix) with ESMTP id 288A21E103BD3 for ; Wed, 19 Sep 2018 13:56:25 +0200 (CEST) Received: by thor.wissensbank.com (Postfix, from userid 500) id 1D2481E103D3C; Wed, 19 Sep 2018 13:56:25 +0200 (CEST) Received: from [192.168.245.236] (pd956abfc.dip0.t-ipconnect.de [217.86.171.252]) (Authenticated sender: andre.warnier@ice-sa.com) by thor.wissensbank.com (Postfix) with ESMTPA id E48281E103BD3 for ; Wed, 19 Sep 2018 13:56:24 +0200 (CEST) Subject: Re: HTTPD pass off delegation credentials to Apache Tomcat 8.5.23 for SSO Kerberos To: users@tomcat.apache.org References: From: =?UTF-8?Q?Andr=c3=a9_Warnier_=28tomcat=29?= Message-ID: <5BA239A6.5020703@ice-sa.com> Date: Wed, 19 Sep 2018 13:57:26 +0200 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP On 18.09.2018 23:24, Thomas Delaney wrote: > Hello All, > > I have recently configured Apache Tomcat on a SuSe Enterprise 12 SP3 server > to get Kerberos SSO working with a web client application. I have also in > addition configured Apache HTTPD 2.4.29 on the same machine.When I reach > that website I am failing to get SSO working. The web server is not passing > off the delegation credentials to Apache Tomcat server. I have the web > server load balance proxying it's request to multiple Apache Tomcat > instances. I have tried applying mody_proxy_http environment variables, but > the site continues to fail SSO. Is there a guide or configuration that > HTTPD and Apache Tomcat both use to involve Apache HTTPD passing off > delegation credentials to Apache Tomcat? > If you would like someone here to be able to help you, you would need to be much more precise than that. You write "I have done this" and "I have done that", but without giving any clue as to /how/ you did this or that. You are not even saying /where/ you have configured the Kerberos SSO. Under the Apache httpd front-end ? or under Tomcat ? To point you nevertheless in a possible direction, read this : https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Apache_httpd (and, in your mind, substitute "Windows authentication" by "Kerberos authentication") --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org