On 25.05.2010 13:44, André Warnier wrote:
Savoy, Melinda wrote:
Ranier,
I do not want the user to get prompted at all. I need this to work as
a single sign-on (seamless to the user). Is that not possible? I had
tested where when I got the prompt then I got the Domain\User name but
I am needing to avoid the login dialog box altogether.
Rainer got prompted because he did this test on a "loose" XP
workstation, and he was not yet logged into any domain.
If the workstation is part of a Windows domain, and the user already
logged into the domain, there will be no extra prompt.
Right, I didn't test that, but I would expect the same as you.
What Rainer did, was confirm that when conditions are right for IIS to
authenticate, and the setup is right for this authentication to be
passed to Tomcat, it is, and the gerRemoteUser() returns the logged-in id.
The issue you have, is in the basic setup of how some URLs are or are
not passed to the "right" Tomcat worker. I believe you have one "virtual
website" or whatever IIS calls it, too many, and that the URLs that are
of interest here are not being passed through the channel you think, and
therefore either IIS does not authenticate these SCIMIS URLs (and
consequently does not pass this authentication to Tomcat).
Can you tell us precisely :
- which URLs should be authenticated (give some examples)
- which sub-directories are present under the (tomcat-dir)/webapps
directory (where (tomcat-dir) is the top of your Tomcat installation.
Then we might be able to work out how the virtual websites and
redirector should be configured to make this all work as it should.
Good plan.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
