Hi,

Actually I have Apache2 operating as a proxy and authentication layer (HTTP Form and HTTP Basic), in front of several Tomcat instances and webapps. Apache pushes the userId to Tomcat through AJP. On the Tomcat side, the webapp has a Basic login-module in web.xml.
I'm quite satisfied with the result: authentication and authorization are out of the application scope. The deployment and maintenance of applications is super easy. The sensitive maintenance of authentication is done by a dedicated team...

I wish to improve that by adding OpenID authentication, keeping Apache as the authentication layer with an OpenID connector, but the one I saw doesn't seem to be used a lot and is not available precompiled for my OS...

I'm also looking at moving authentication to the Tomcat level with an OpenID Realm. It's not ideal because of the large number of applications and servers impacted and the network configuration to change, ...

Does anyone have experience with this architecture? Do you have any recommendation for an Apache module or Tomcat Realm to use?

Thanks,
Stephane