Tim,
If you're still considering a web single sign-on solution for
Apache/Tomcat, take a look at Cams. It's much more cost-effective than
SunOne Identity server, and gives you quite a bit of value add over
Apache or Tomcat security:
http://www.cafesoft.com/
Let us know your thoughts,
Gary
Jake Robb wrote:
Seems to me that if Tomcat had that information, it would be in the Session
variable, not the Request variable. See if maybe it's available via
Session.getAttribute().
The variables (sometimes called cgi variables since CGI is what they
are historically used with) sent by
]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Thursday, February 13, 2003 15:22
Subject: Re: Basic Auth with Apache+Tomcat
Seems to me that if Tomcat had that information, it would be in the
Session
variable, not the Request variable. See if maybe it's available via
Session.getAttribute
I'm quite sure you can have Tomcat do the auth instead of Apache, and then
you'll have access to the variable.
Try checking the configuration file (web.xml) of the built-in admin servlet.
It should contain an example of exactly what you want to do.
-Jake
- Original Message -
From: Tim
Jake,
Thanks for your reply.
You're absolutely right that Tomcat can do the auth instead of Apache (which
I've done before; support for it in Tomcat is really great).
However, I really need to do it in Apache instead, unfortunately. We're
looking at implementing SunOne's Single Sign On
Hello Tim,
For recent Tomcat versions, you need to add the following to your
jk2.properties file (even if you are using mod_jk and not jk2):
request.tomcatAuthentication=false
In older versions of Tomcat, for mod_jk, at the attribute
tomcatAuthentication=false to your ajp connector in
O'Donnell [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Thursday, February 13, 2003 5:15 PM
Subject: Re: Basic Auth with Apache+Tomcat
Jake,
Thanks for your reply.
You're absolutely right that Tomcat can do the auth instead of Apache
(which
I've done before; support
Hi Jake,
Thanks for the reply. It worked!
I'm using jk (not jk2 or mod_jk) and it didn't work when I added
request.tomcatAuthentication=false to the jk2.properties file, but I tried
adding it to my ajp connector in server.xml, per your second suggestion, and
that did the trick!
I'd never heard
Glad it worked for you.
To clarify, mod_jk and jk are one-in-the-same. Also, you are probably
using Tomcat-4.1.12 or earlier if the request.tomcatAuthentication=false in
the jk2.properties file didn't work for you. If you upgrade to
Tomcat-4.1.18+, you will find that the
