> From: Linux Support [mailto:ossuppor...@gmail.com]
> Subject: Single sign on
> Using 8.5.5 on solaris. Can you please point me in the direction of some
> documentation/link/blog for how to set up the SSO for a application
> deployed.
Start here.
http://tomcat.apache.org/tomcat-8.5-doc/config/v
Great, thanks for taking a look. I've submitted a bug report for
replicating the SingleSignOnEntry cache data here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=57338
On Tue, Dec 9, 2014 at 9:23 PM, Keiichi Fujino wrote:
> I examined the code of ClusterSingleSignOn.
> This behavior seems t
I examined the code of ClusterSingleSignOn.
This behavior seems to be bug.
There seems to be some other problems.
a) When a new node is started, SingleSignOnEntry of cache is not
replicated. (you mentioned.)
b) ClusterSingleSignOn does not implement ClusterValve.
c) Unsupported to BackupManager.
d)
Carlton Whitmore wrote:
I just verified that the issue is not with SSO. I tested this by accessing the URL until I got "Page cannot be displayed" then I tried accessing https://myserver.advocacyinc.org:8443 and got the same thing.
We're not doing any redirects from IIS. Could JCifs be tying up
Pid,
I can't seem to open any of your emails. Outlook (with Entrust) says that they
are encrypted but with invalid mime.
From: Pid [mailto:p...@pidster.com]
Sent: Monday, August 16, 2010 12:54 PM
To: Tomcat Users List
Subject: Re: Single Sign-On problems
Carlton Whitmore wrote:
Andre,
The only reason I think it's Tomcat because when we change the Tomcat version
it seems to affect the speed of the application (Tomcat 7 runs very slow, but
no SSO errors; Tomcat 6 runs fast, but SSO errors). We're using Active
Directory to authenticate. I guess i
> From: Carlton Whitmore [mailto:cwhitm...@advocacyinc.org]
> Subject: RE: Single Sign-On problems
>
> The server is running as a VM on Hyper-V R2. I've checked the CPU and
> disk access during these times and everything looks fine. We're using
> internal DNS ser
___
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Sun 8/15/2010 9:07 PM
To: Tomcat Users List
Subject: RE: Single Sign-On problems
> From: Carlton Whitmore [mailto:cwhitm...@advocacyinc.org]
> Subject: RE: Single Sign-On problems
>
> Tomcat 7 runs ver
> From: Carlton Whitmore [mailto:cwhitm...@advocacyinc.org]
> Subject: RE: Single Sign-On problems
>
> Tomcat 7 runs very slow, but no SSO errors; Tomcat 6 runs
> fast, but SSO errors
Have you looked to see what's going on during the slowdown? Is there high CPU
usage, or p
nt: Sun 8/15/2010 11:45 AM
To: Tomcat Users List
Subject: Re: Single Sign-On problems
Carlton Whitmore wrote:
> We're running Windows 2008 R2, Tomcat 6, MS SQL 2005, JDK 6 update 20
> and authenticating using AD from Windows 2003 R2 server.
>
>
>
> The application we'
On 15/08/2010 17:45, André Warnier wrote:
> Carlton Whitmore wrote:
>> We're running Windows 2008 R2, Tomcat 6, MS SQL 2005, JDK 6 update 20
>> and authenticating using AD from Windows 2003 R2 server.
>>
>>
>>
>> The application we're using causes intermittent single sign-on errrors.
>> We tried
Carlton Whitmore wrote:
We're running Windows 2008 R2, Tomcat 6, MS SQL 2005, JDK 6 update 20
and authenticating using AD from Windows 2003 R2 server.
The application we're using causes intermittent single sign-on errrors.
We tried to upgrade to Tomcat 7 and the SSO errors went away, but the
Have a look at CAS http://www.jasig.org/cas
On Wed, Jun 16, 2010 at 8:17 PM, Chandana Napagoda wrote:
> Hi,
>
>
>
> I have two tomcat instance, frist one run on https://localhost:8080 and
> secound one run on https://localhost:9090. each server i have deployed Admin
> and User web application
On 19/04/2010 08:05, Arnab Ghosh wrote:
> Hello Friends,
>
> I want to know about the Single Sign On Valve. Why/when should we use this
> valve??
>
> I have already studied the documentation about this. But I haven't got a
> clear idea about it. Is there any relation of Single-Sign-On with sessio
Many thanks!!
I am planning to follow the below approach only.
>>> Or, leave Apache in-between, but have it pass all requests for "bbb" to
Tomcat also (like it does for aaa and ccc), and serve the static pages
from Tomcat, subject to basic authentication on Tomcat. This way, after
the first
sridharmnj wrote:
- there is only one Apache, and one Tomcat, on the same physical server
yes
- there are no Apache VirtualHosts (or there is only one), and there is
only one Tomcat section in server.xml
Apache virtualhost is there, and tomcat host is - the back-end for the authentication is
> From: sridharmnj [mailto:[EMAIL PROTECTED]
> Subject: Re: Single sign on issue with Tomcat and Apache
>
> Is it a better idea to move apache pages (bbb) into the
> tomcat (ccc)?
If you're not using httpd for anything other than serving static content, then
yes, get rid of i
> Johnny Kewl wrote:
>>
>> - Original Message - From: "sridharmnj" <[EMAIL PROTECTED]>
>> To:
>> Sent: Thursday, June 05, 2008 4:33 PM
>> Subject: Re: Single sign on issue with Tomcat and Apache
>>
>>
>>>
>>>
Well, Johnny, we seem to agree..
Johnny Kewl wrote:
- Original Message - From: "sridharmnj" <[EMAIL PROTECTED]>
To:
Sent: Thursday, June 05, 2008 4:33 PM
Subject: Re: Single sign on issue with Tomcat and Apache
Many thanks to all of you for responding to my problem
- there is only one Apache, and one Tomcat, on the same physical server
yes
- there are no Apache VirtualHosts (or there is only one), and there is
only one Tomcat section in server.xml
Apache virtualhost is there, and tomcat host is
FORM
myWebSite Security
/Login.jsp
sridharmnj wrote:
Many thanks to all of you for responding to my problem.
I apologize, I hope I didnot mention my system architecture clearly. (As I
mentioned, it is an old application, which was developed 9 yrs ago, and no
documentation at all :-( )
I am accessing those applications like..
ww
- Original Message -
From: "sridharmnj" <[EMAIL PROTECTED]>
To:
Sent: Thursday, June 05, 2008 4:33 PM
Subject: Re: Single sign on issue with Tomcat and Apache
Many thanks to all of you for responding to my problem.
I apologize, I hope I didnot mention my sys
sridharmnj wrote:
Many thanks to all of you for responding to my problem.
I apologize, I hope I didnot mention my system architecture clearly. (As I
mentioned, it is an old application, which was developed 9 yrs ago, and no
documentation at all :-( )
I am accessing those applications like..
Many thanks to all of you for responding to my problem.
I apologize, I hope I didnot mention my system architecture clearly. (As I
mentioned, it is an old application, which was developed 9 yrs ago, and no
documentation at all :-( )
I am accessing those applications like..
www.mywebsite.com/aaa
Johnny Kewl wrote:
- Original Message - From: "Propes, Barry L "
<[EMAIL PROTECTED]>
To: "Tomcat Users List"
Hi,
I am integrating two websites using single sign on. I have two sites
namely
aaa.com and bbb.com.
I enabled SingleSignOn valve in server.xml file, and trying to acces
- Original Message -
From: "André Warnier" <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Sent: Thursday, June 05, 2008 2:54 AM
Subject: Re: Single sign on issue with Tomcat and Apache
Johnny Kewl wrote:
- Original Message - From: "André
Johnny Kewl wrote:
- Original Message - From: "André Warnier" <[EMAIL PROTECTED]>
To:
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, June 05, 2008 1:06 AM
Subject: RE: Single sign on issue with Tomcat and Apache
Hi.
I saw your ongoing discussion, and maybe I ca
- Original Message -
From: "André Warnier" <[EMAIL PROTECTED]>
To:
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, June 05, 2008 1:06 AM
Subject: RE: Single sign on issue with Tomcat and Apache
Hi.
I saw your ongoing discussion, and maybe I can contribute something,
Hi.
I saw your ongoing discussion, and maybe I can contribute something, but
I need some more info before.
Here is what you explained before :
a) You have one site "aaa.com" to which users access this way :
user ---> tomcat aaa.com
b) and another site "bbb.com" t
- Original Message -
From: "Propes, Barry L " <[EMAIL PROTECTED]>
To: "Tomcat Users List"
Hi,
I am integrating two websites using single sign on. I have two sites namely
aaa.com and bbb.com.
I enabled SingleSignOn valve in server.xml file, and trying to access
Its not going to w
Java version update alone doesnot solve the
issue.
Propes, Barry L wrote:
and you're stuck on Java 1.3.1 and cannot go forward?
-Original Message-
From: sridharmnj [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2008 4:17 PM
t;
>>>> --David
>>>>
>>>> sridharmnj wrote:
>>>>
>>>>> I hope you did not observe the following lines from my post.
>>>>>
>>>>>
>>>>>> bbb.com is an old project which was
reengineer the architecture.
>>>>>
>>>>>
>>>> It is successfully running on those versions in production and client
>>>> does
>>>> not want to upgrade versions for time being. I dont think that the java
>>>> ve
x27;re stuck on Java 1.3.1 and cannot go forward?
-Original Message-
From: sridharmnj [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2008 4:17 PM
To: users@tomcat.apache.org
Subject: RE: Single sign on issue with Tomcat and Apache
Apache 2.0.50
Tomcat 5.0.27
Java 1.3.1
Propes, Ba
is creating any problem. Do you think so???
>>
>> My problem is not related to Java version upgrades and its out of scope
>> for
>> discussion here. I am sure Java version update alone doesnot solve the
>> issue.
>>
>>
>> Propes, Barry L wrote:
>>
rote:
and you're stuck on Java 1.3.1 and cannot go forward?
-Original Message-
From: sridharmnj [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2008 4:17 PM
To: users@tomcat.apache.org
Subject: RE: Single sign on issue with Tomcat and Apache
Apache 2.0.50
Tomcat 5.0.27
J
're stuck on Java 1.3.1 and cannot go forward?
>
>
> -Original Message-
> From: sridharmnj [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 03, 2008 4:17 PM
> To: users@tomcat.apache.org
> Subject: RE: Single sign on issue with Tomcat and Apache
>
>
>
and you're stuck on Java 1.3.1 and cannot go forward?
-Original Message-
From: sridharmnj [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2008 4:17 PM
To: users@tomcat.apache.org
Subject: RE: Single sign on issue with Tomcat and Apache
Apache 2.0.50
Tomcat 5.0.27
Java 1.3.1
P
Apache 2.0.50
Tomcat 5.0.27
Java 1.3.1
Propes, Barry L wrote:
>
> what versions are you using? Of each?
>
> -Original Message-
> From: sridharmnj [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 03, 2008 3:52 PM
> To: users@tomcat.apache.org
> Subject: Single sign on issue with Tomcat a
what versions are you using? Of each?
-Original Message-
From: sridharmnj [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2008 3:52 PM
To: users@tomcat.apache.org
Subject: Single sign on issue with Tomcat and Apache
Hi,
I am integrating two websites using single sign on. I have two si
I think via a lookup to an LDAP reference, but you have to know that LDAP group
from your administrator.
-Original Message-
From: Andrew Hole [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 05, 2007 11:52 AM
To: Tomcat Users List
Subject: Single Sign-On
Hello everybody!
I have two
> From: A Sunley [mailto:[EMAIL PROTECTED]
> Subject: Single Sign-On across multiple webapps
>
> I'm experiencing some problems implementing SSO across two webapps.
You make no mention of having read the Tomcat documentation for SSO, let
alone enabling it:
http://tomcat.apache.org/tomcat-6.0-doc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lb,
lightbulb432 wrote:
> Anytime I want to use more than two credentials, I have to provide my
> own Realm implementation. But the only time I need to do the String
> concatentation is when at least one of the additional credentials
> (i.e. beyond u
Wow, those are good suggestions. I was thinking about the String
concatenation, but didn't think it was worth considering further until you
just mentioned it. So let me see if I have this straight:
Anytime I want to use more than two credentials, I have to provide my own
Realm implementation. But
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lb,
lightbulb432 wrote:
> Views would definitely allow me to keep the two tables separate, but then I'd
> have to authenticate against the two source tables separately (i.e. each
> application would point to the source table rather than to the view).
Views would definitely allow me to keep the two tables separate, but then I'd
have to authenticate against the two source tables separately (i.e. each
application would point to the source table rather than to the view). If
pointing both applications to the common view, then doesn't the original
p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lb,
lightbulb432 wrote:
> The requirement doesn't accept having two tables (i.e. userTableA and
> userTableB), partly because increased maintenance, the possibility of table
> definitions going out of sync, etc.
CREATE VIEW, anyone?
- -chris
-B
Here's the case where three credentials are necessary: there is a requirement
to host multiple applications on a single database, and data such as users
are in a single, shared table. Therefore, someone logging into app A would
enter username and password of user1 and pass1, and someone else loggi
On Wed, Aug 22, 2007 07:00, "Andrew Hole" <[EMAIL PROTECTED]>
wrote:
Single sign on using valve is interesting, but is it possible use him if I
have different application running in different tomcat instances?
I think that only works with different applications under same tomcat
instance.
F
Andrew Hole wrote:
> Single sign on using valve is interesting, but is it possible use him if I
> have different application running in different tomcat instances?
>
> I think that only works with different applications under same tomcat
> instance.
>
> Thank you
>
You might want to take a look
Single sign on using valve is interesting, but is it possible use him if I
have different application running in different tomcat instances?
I think that only works with different applications under same tomcat
instance.
Thank you
On 8/22/07, Pid <[EMAIL PROTECTED]> wrote:
>
> Andrew Hole wrote:
Andrew Hole wrote:
Exists some way to implement Single Sign On without source code changes?
Could you tell me a little bit about Single Sign On?
Thanks a lot
"In many environments, but particularly in portal environments, it is
desireable to have a user challenged to authenticate themselves
http://tomcat.apache.org/tomcat-5.5-doc/config/host.html#Single%20Sign%20On
Gregor
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
well, we can't tell you the whole desigh of your_app-to-be but gave
you some starting-points. now it's up to you to use them.
however, i do not see any sense at all passing more tha two
credentials (user, pass) to authenticate
therefore, i suggest first thing you should do is to re-think the
I took a look at JAASRealm and its authenticate method only takes two
parameters (username and "credentials", which is really just a single
password string).
Is it possible to pass my other credentials to the JAASRealm so that I can
pass everything at one time (username, password, other credentia
at least you've saved *half* of the time ;)
cheers
greg
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
To start a new to
Gregor Schneider wrote:
Well, subclassing FormAuthenticator would be a hack, a
Tomcat-only-solution and inho a bad one.
therefore, take a look at JAASRealm and try to combine it with your
existing login-procedure, meaning
- Implement a JAASRealm
- get the credentials from there (user, password)
Well, subclassing FormAuthenticator would be a hack, a
Tomcat-only-solution and inho a bad one.
therefore, take a look at JAASRealm and try to combine it with your
existing login-procedure, meaning
- Implement a JAASRealm
- get the credentials from there (user, password)
- do the JAAS-Authentica
I'll try to avoid the hack method if possible.
Let me clarify the two requirements that my authentication process must
meet. It must use an existing stored procedure that will return a login
success/fail response, and it needs additional credentials (username,
password, and at least one other fie
in $CATALINA_HOME/server/lib/catalina.jar there's a file "catalina.properties".
There your will find the following entries:
BASIC=org.apache.catalina.authenticator.BasicAuthenticator
CLIENT-CERT=org.apache.catalina.authenticator.SSLAuthenticator
DIGEST=org.apache.catalina.authenticator.DigestAuth
Thanks for pointing me to that class. How can I specify my overriden version
in a configuration file or programmatically so that it can be used?
Also, I was looking into how to solve the problem from my original post, and
came across the concept multiple times of providing my own Realm
implementa
You could call the authenticate()-method from Tomcat's FormAuthenticator:
http://tomcat.apache.org/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/authenticator/FormAuthenticator.html#authenticate(org.apache.catalina.HttpRequest,%20org.apache.catalina.HttpResponse,%20org.apache.catalina.depl
Mark,
Mark Thomas schrieb:
When starting a new thread (ie sending a message to the list about a
new topic) please do not reply to an existing message and change the
subject line. To many of the list archiving services and mail clients
used by list subscribers this makes your new message appear
When starting a new thread (ie sending a message to the list about a
new topic) please do not reply to an existing message and change the
subject line. To many of the list archiving services and mail clients
used by list subscribers this makes your new message appear as part
of the old thread. Thi
gt; Aaron Steele
> YRI Enterprise Solutions
> https://ris.yumnet.com
> w: 972.338.6862
> c: 817.401.0831
>
>
> -Original Message-
> From: David Smith [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 29, 2006 1:25 PM
> To: Tomcat Users List
> Subject: Re: Sing
: 817.401.0831
-Original Message-
From: David Smith [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 29, 2006 1:25 PM
To: Tomcat Users List
Subject: Re: Single sign-on with multiple Tomcats served via one Apache
httpdserver
The single sign-on valve only really shares an authenticated session
The single sign-on valve only really shares an authenticated session
accross the contexts of one tomcat server. Most likely other tomcat
servers only if they are clustered. But you have two separate,
non-clustered tomcat's whose only commonality is the Apache front-end
and the user realm database
67 matches
Mail list logo
