On 04.03.2016 07:16, Chanchal Kariwala wrote:
I am using Tomcat 8.0.32 and I have followed the guide given at
-
https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server)
-
https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w
Windows AD Auth is working i.e. when I access the site, I am asked for
credentials and when I enter the correct credentials, the restricted
resource is displayed.
However my question is why the browser is asking for credentials? Why isn't
it accessing TGT Cache in the OS to fetch the user's credentials?
I have enabled Integrated Windows Auth in IE Settings. I have added the
site in Intranet Sites and set "Logon by Current User" in Custom Level
setting for Intranet.
Hi.
The real *key* to debugging such issues, is to use some plugin or add-on to the browser,
to enable the capture and visualisation of the HTTP dialog back and forth between the
browser and the server.
Since you are using IE, I suggest "Fiddler2".
Install it, close your browser, re-open the browser, start Fiddler2 in capture mode, and
then do an access to the webserver. When prompted for an id/pw, enter them.
Then stop Fiddler2 and examine the HTTP exchanges, starting with your initial request to
the webserver.
You are correct in thinking that, normally, the login should happen automatically in the
background, and you should never see this browser login dialog.
WIA authentication is a multiple-step process between the browser and the webserver, and
in the background between the webserver and a Domain Controller.
That the login dialog appears in your case, means :
1) that the integrated WIA failed
2) that the Domain is configured to allow HTTP Basic authentication in a second step,
after WIA fails. That is the login dialog that you see.
So, something is not working as it should in the WIA step.
But to know exactly what, requires examining the HTTP exchanges.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
