> We have 2 Apps on tomcat with each having independent DB
> the credentials in both apps are in synch with the list of authorized users
> as per LDAP.

What does that mean? Where is the source of the credentials? When a user changes a password, where do they change it? You say "in synch", so do the databases just copy the credentials from LDAP? How is the sync working?

> *for the 1st app any valid user should be able to log in (using any Browser)
> only once to validate the LDAP verification ,

What does that mean "validate the LDAP verification" - do you mean validate their credentials against LDAP right?

> On validating the request should continue to AAA of the Application as per
> the Local DB credentials

Do you mean that another round of authentication should occur in the application? Surely the app could just pick up the SSO credentials? Why do it again?

> and allow to successful logon ...probably log out later.*
>
> *Later If the 2nd apps is requested for the authorization should not ask for
> re-validation.*
>
> The process on any apps requires to validate credentials only once in a day.

So you want to configure the login process to work once per day, e.g. the users are prompted once per day for either app, but once prompted, they won't be prompted again for either app for the rest of the day. Presumably if the login is without a prompt, then this requirement disappears, e.g. if the browser can send current credentials to server without any prompt, then it doesn't really matter how many times this happens per day right?

> How can this be achievable [ Either at TOMCAT (if possible) or at Apache
> httpd since we use reverse Proxy conf ]

Subject to some confirmation from you about exactly what you want, the previous suggestions should allow you to do all of the above

Chris