Chris Fors wrote:
Trying to get Windows
Authentication operational using the Tomcat Built-in method. Implemented the
following but not
observed any Windows / Kerberos authentication occuring:
-
Domain joined
windows member server
-
Domain service
account
-
Delegated SPN for
HTTP protocol on the member server to the service account
-
Generated keytab
file for the service account and saved in $catalina.base\conf folder
-
Created Valve in context.xml of className org.apache.catalina.authenticator.SpnegoAuthenticator
-
Created krb5.ini and
saved in $catalina.base\conf folder
-
Created jaas.conf and
saved in $catalina.base\conf folder
After this still no observed
effect on logon authentications – all still apparently anonymous.
Anyone had success with this ? Any ideas on what is missing?Is there a good
way to
debug the process?
What is the OS platform ?
To debug the process : other than what you already did above, a network trace with
Wireshark or similar ? (should be SMB exchanges I suppose)
Another couple of questions :
- is the client workstation that accesses the Tomcat server, itself in the Domain to which
you are trying to authenticate ?
- from the point of view of that workstation and its browser, is that Tomcat server
considered as inside the Domain, or at least "trusted" ?
(because if not, then the browser will not even /try/ to use WIA authentication)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org