Make sure you have tomcatAuthentication="false" in the AJP connector definition in server.xml
How you get REMOTE_REALM and REMOTE_USER to the app within apache httpd then depends on where the app is looking for that information (getAttribute(), getHeader(), or getRemoteUser() ). Actually, come to think about it, tomcatAuthentication only controls how getRemoteUser() functions. We've taught all of our developers to do getHeader() because we're in a JBoss 7.x environment where we have to access to tweak the underlying tomcat part of the application server. With apache httpd we do: RequestHeader unset X-Forwarded-User RewriteCond %{IS_SUBREQ} ^false$ RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . - [E=XFU:%1] [P] RequestHeader set X-Forwarded-User %{XFU}e RequestHeader unset X-Forwarded-Realm RewriteCond %{IS_SUBREQ} ^false$ RewriteCond %{ENV:REMOTE_REALM} (.+) RewriteRule . - [E=XFR:%1] [P] RequestHeader set X-Forwarded-Realm %{XFR}e --andy ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss