Actually I have Apache2 operating as proxy and authenticate layer (HTTP
Form and HTTP Basic), in front of several Tomcat instances and webapps.
Apache pushes the userId to tomcat through AJP.
On tomcat side, the webapp has a Basic login-module in web.xml.

I'm quite satisfied of the result, authentication and authorization are
out of the application scope. The deployment and maintenance of
application is super easy. The sensitive maintenance of authentication
is made by a dedicated team...

I wish to improve that adding OpenId Authentication, keeping apache as
authentication layer with an openid connector, but the one I saw
doesn't seems to be used a lot and is not available as precompiled for
my os...
I'm looking also at moving authentication at tomcat level with an
openid Realm. It's not ideal because of the large number of
applications are servers do impact and network configuration to change,

Does someone have experience in this architecture ? Do you have some
recommendation for Apache Module or Tomcat Realm to use ?


Reply via email to