Hi Stephane,

> -----Ursprüngliche Nachricht-----
> Von: Stephane Passignat <passig...@hotmail.com>
> Gesendet: 13 March 2020 17:53
> An: Tomcat Users List <users@tomcat.apache.org>

> Actually I have Apache2 operating as proxy and authenticate layer (HTTP
> Form and HTTP Basic), in front of several Tomcat instances and webapps.
> Apache pushes the userId to tomcat through AJP.
> On tomcat side, the webapp has a Basic login-module in web.xml.
> I'm quite satisfied of the result, authentication and authorization are
> out of the application scope. The deployment and maintenance of
> application is super easy. The sensitive maintenance of authentication
> is made by a dedicated team...
> I wish to improve that adding OpenId Authentication, keeping apache as
> authentication layer with an openid connector, but the one I saw
> doesn't seems to be used a lot and is not available as precompiled for
> my os...
> I'm looking also at moving authentication at tomcat level with an
> openid Realm. It's not ideal because of the large number of
> applications are servers do impact and network configuration to change,
> ...
> Does someone have experience in this architecture ? Do you have some
> recommendation for Apache Module or Tomcat Realm to use ?

We implement a server extension (with help of nimbusd-library on top of jaspic),
that works on tomcat9  (and all other java-ee application server).
See here ==> https://connect2id.com/products/nimbus-oauth-openid-connect-sdk

Unfortunately it is not open source, yet.

Mit freundlichen Grüßen / Kind Regards/ नमस्ते(Namaste)
Bernd Schatz
ITT/FT - Java Free and Open Source Software (JFoSS)
HPC Z252
Gebäude VDZ Ost 1.OG
Plieninger Str. 150
70567 Stuttgart

Bernd Schatz
Büro: +49 711 17 41463
Mobile: +49 151 5862 6591
FAX: +49 711 17 7904 1252

If you are not the addressee, please inform us immediately that you have 
received this e-mail by mistake, and delete it. We thank you for your support.

Reply via email to