Sorry, guess I was not clear enough.  We are using Microsoft's IIS to front-end 
Tomcat, not the Apache HTTP server.  Apache HTTP server is not an option for 
our environment.  We would prefer to use the Windows authenticated user passed 
to Tomcat by IIS, but are open to anything that works reliably.

As I said, our custom application is working great in this environment, but the 
manager app is not.  We are having trouble associating the roles that the 
manager app is expecting with the authenticated user.   We have tried altering 
the tomcat-users file just about every which way we could think of.   
Essentially we need any way to associate the authenticated user with the 
"manager-gui" that the manager app is expecting.  Would we need to implement a 
custom realm to make this work?

- Mark Harris

-----Original Message-----
From: André Warnier [mailto:a...@ice-sa.com] 
Sent: Tuesday, March 19, 2013 3:28 PM
To: Tomcat Users List
Subject: Re: Manager App not working with Windows authentication enabled

Harris Mark R wrote:
> Environment:
> IIS 7.5
> Tomcat 7.037
> AJP/1.3 connector (redirector.dll) v 1.2 Java 7
> 
> We have a requirement for a new intranet application that it use Windows 
> authentication.  We have this working in our new application.  We do have 
> IIS, the connector and Tomcat serving up the application with no problems.
> 
> What did happen is that we discovered that the manager application that comes 
> with Tomcat no longer is accessible.  We have some staff that use the manager 
> app routinely.
> We did try to set up two AJP connectors, one defined in the server.xml with 
> tomcatAuthentication="true" and another set to false.   In the AJP property 
> files we set the second one to only be mapped to the manager URL.  This did 
> not work as we expected.

Setting tomcatAuthentication="false" in this case means that Tomcat is going to 
rely on the authenticated user-id sent to it by the front-end, through AJP.
So you should authenticate the user at the Apache httpd front-end level.

> 
> Anyone have any ideas on how to get the manager application working?

How would you like the users of the manager application to be authenticated?  
Also via Windows Integrated Authentication, or at the Apache httpd level, via 
some other mechanism?

For a simple case, you could for example do this at the Apache httpd level :

<Location /manager>
   setHandler jakarta-servlet
   AuthType Basic
   AuthName tomcat-manager
   require user x y z ...
   ...
</Location>

(and set tomcatAuthentication="false")

("setHandler jakarta-servlet" in that <Location> section is roughly equivalent 
to "JkMount /manager worker1")

This syntax is explained in one of the on-line AJP connector's info pages on 
the tomcat website, at the very end of the page.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
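
Added example, not part of the thread or of Tomcat itself: because tomcatAuthentication="false" makes Tomcat rely on the user-id the front-end sends over AJP, this sketch lists the AJP connectors in a server.xml and marks the ones that trust the front-end without being bound to a loopback address. The sample server.xml is constructed, and treating a missing address attribute as "listens on all interfaces" is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the thread): AJP connectors in both
# authentication modes, similar to the two-connector setup described above.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" tomcatAuthentication="false" />
    <Connector port="8010" protocol="AJP/1.3" tomcatAuthentication="true" />
    <Connector port="8011" protocol="AJP/1.3" address="127.0.0.1"
               tomcatAuthentication="false" />
  </Service>
</Server>
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_ajp_connectors(server_xml):
    """Return one finding dict per AJP connector in a server.xml string."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        if "ajp" not in protocol.lower():
            continue  # HTTP connectors do not carry a front-end user-id
        # tomcatAuthentication defaults to true when the attribute is absent.
        setting = conn.get("tomcatAuthentication", "true").strip().lower()
        trusts_front_end = setting == "false"
        address = conn.get("address")
        # Assumption: no address attribute means all interfaces are bound.
        loopback_only = address is not None and address.strip().lower() in LOOPBACK
        findings.append({
            "port": conn.get("port"),
            "trusts_front_end": trusts_front_end,
            "address": address or "(all interfaces)",
            "exposed": trusts_front_end and not loopback_only,
        })
    return findings


if __name__ == "__main__":
    for f in audit_ajp_connectors(SAMPLE_SERVER_XML):
        note = "REVIEW: restrict to the front-end host" if f["exposed"] else "ok"
        mode = "false" if f["trusts_front_end"] else "true"
        print(f"AJP port {f['port']} address={f['address']} "
              f"tomcatAuthentication={mode} -> {note}")
```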

