On 09/07/2021 16:59, Paolo Clerici wrote:
I use IIS 10.0 as a reverse proxy of Tomcat 7. IIS 10.0 use Windows Authentication. When I run the javax.servlet.http.HttpServletRequest.getAuthType() method I get the null value. When I run the javax.servlet.http.HttpServletRequest.getRemoteUser() method I get the null value. Using IIS 6.1 with the same version of Tomcat everything works fine. When I run the javax.servlet.http.HttpServletRequest.getAuthType() method I get "NTLM" string. When I run the javax.servlet.http.HttpServletRequest.getRemoteUser() method I get the name of the user who authenticated with IIS. The configuration of the two versions of IIS appears to be the same.
Clearly it isn't the same since when I tested this with IIS 10.0 it worked exactly as expected.
Seems to be missing some AJP headers including: remote_user (0x03) and auth_type (0x04) which instead are sent from IIS 6.1. Below isapi connector debug log (auth and user are null): Fri Jul 09 17:00:52.743 2021] [4608:4712] [debug] init_ws_service::jk_isapi_plugin.c (3295): Service protocol=HTTP/1.1 method=GET host=10.10.12.102 addr=10.10.12.102 name=qa-b2b.dasitgroup.it port=443 auth=(null) user=(null) uri=/s2wweb/faces/login.xhtml
That points to an IIS configuration issue. How did you configure authentication? Mark
Product: Tomcat Connectors Component: isapi Version: 1.2.48 Windows version: Windows Server 2016 IIS Version: 10.0 Tomcat version: 7
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org