On 09/07/2021 16:59, Paolo Clerici wrote:
I use IIS 10.0 as a reverse proxy of Tomcat 7.
IIS 10.0 use Windows Authentication.
When I run the javax.servlet.http.HttpServletRequest.getAuthType()
method I get the null value.
When I run the javax.servlet.http.HttpServletRequest.getRemoteUser()
method I get the null value.
Using IIS 6.1 with the same version of Tomcat everything works fine.
When I run the javax.servlet.http.HttpServletRequest.getAuthType()
method I get "NTLM" string.
When I run the javax.servlet.http.HttpServletRequest.getRemoteUser()
method I get the name of the user who authenticated with IIS.
The configuration of the two versions of IIS appears to be the same.

Clearly it isn't the same since when I tested this with IIS 10.0 it worked exactly as expected.

Seems to be missing some AJP headers including: remote_user (0x03) and
auth_type (0x04) which instead are sent from IIS 6.1.

Below isapi connector debug log (auth and user are null):
Fri Jul 09 17:00:52.743 2021] [4608:4712] [debug]
init_ws_service::jk_isapi_plugin.c (3295): Service protocol=HTTP/1.1
method=GET host=10.10.12.102 addr=10.10.12.102
name=qa-b2b.dasitgroup.it port=443 auth=(null) user=(null)
uri=/s2wweb/faces/login.xhtml

That points to an IIS configuration issue.
How did you configure authentication?

Mark


Product: Tomcat Connectors
Component: isapi
Version: 1.2.48
Windows version: Windows Server 2016
IIS Version: 10.0
Tomcat version: 7


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to