Thanks Jinghai, Actually Tomcat SSO has been provided by James Yong at https://issues.apache.org/jira/browse/OFBIZ-10047 It does not support clusters yet https://issues.apache.org/jira/browse/OFBIZ-10123
Deepak has made another proposition to use a JWT token locally (same domain) at https://issues.apache.org/jira/browse/OFBIZ-9833 I have made another proposition to use Ajax+JWT+CORS at https://issues.apache.org/jira/browse/OFBIZ-10307 But it's more from one domain to another. @Jochen: You could though use CORS for a subdomain, look for https://www.google.fr/search?q=cors+subdoamin&ie=UTF-8 HTH Jacques Le 29/03/2018 à 10:44, Shi Jinghai a écrit :
Q1: http://server/ofbiz/ Yes. It's a simple configuration for both Apache Httd and Nginx. Q2: Http header basic authentication Not sure whether Jacques has completed the new Tomcat SSO. If yes, then it's ready OOTB. For this kind authentication, OFBiz also supports Apereo CAS (by LDAP plugin) and OAuth2 (by passport plugin). Have fun, -----邮件原件----- 发件人: Jochen.Boutens@ [mailto:finalbeta.net [email protected]] 发送时间: 2018年3月29日 15:39 收件人: [email protected] 主题: Basic Q: Can ofbiz run in subdir and use HTTP auth? Hello, We are exploring functionality of several sollutions. Ofbiz seems to qualify for most tasks. I have two questions I would like to make sure before we begin testing: For integration into our systems we require the the solution to run under a subdirectory of the root of the webserver. (http://server/ofbiz/). ( The reason for this is that ofbiz will be reverse proxied and that http://reverseproxy/ is used for something else. A differend domain is not a option because of question two). For integration into our systems we prefer that the application can use authentication data in the http header (Basic Authorization/Http authorization). Our reverse proxy sends the users (LDAP) credentials in the header allowing applications to automatically log the user in. Can these things be done with Ofbiz? Thanks for your responses.
