For a different approach to SSO you may read up from this link I think:
http://www.simongbrown.com/blog/2004/11/04/1099588633312.html

He uses Tomcat valves with Apache sitting in front. Headers are placed on the request and read in. In fact this allows for SSO across different environments. We started to implement a version that would have shared sign-on between Tomcat and PHP apps but stopped for internal reasons. I think his theory is sound though. This is not portable to other J2EE containers, mind.

Not sure if that answers all of your question though. How would you know if the user is in your domain? You may have to write your own realm/valve code to interact with NTLM, though I still don't fully understand the sequence of events you are trying to achieve. I think if you google there are some libraries for Java to NTLM out there.

Elliott

-----Original Message-----
From: Ravi116 [mailto:[EMAIL PROTECTED]
Sent: 21 November 2006 21:39
To: users@tomcat.apache.org
Subject: Re: Custom Authentication

Marcus,

Thanks for your response. Let me elaborate on the 1st question - we need to authenticate users using either NTLM or SSL, based on whether the user is in the domain or not.
Can we implement our own auth-method in login-config in web.xml?

Part of the requirement is to make shared/single-sign-on across web applications.

Ravi

Marcus Williford wrote:
>
> Ravi,
>
> I'll try to help:
>
> 1. You could enforce the request.isSecure() along with a header check in
> your servlet and redirect to a secure port. Perhaps you could also do this
> in a filter, check the header, then check to see if secure. I'm not sure I
> understood your question completely, but I hope this helps.
>
> 2. I've recently used a custom Realm by extending RealmBase, then placing
> that realm in the server/lib directory in jar format. Then simply create a
> Realm entry in your server.xml file to your new Realm. Put your SSO login
> in the Custom Realm. I'm sure this isn't the only way, but it is the first
> thing that comes to mind.
>
> Let me know if you need help with either of those ideas.
>
> Marcus
>
> On 11/20/06, Ravi116 <[EMAIL PROTECTED]> wrote:
>>
>> 1. Can we implement NTLM or SSL authentication based on some HTTP header
>> value ?
>> 2. How do we implement an authorization model with single-sign on ?
>> Realms ?
>>
>> Ravi
>> --
>> View this message in context:
>> http://www.nabble.com/Custom-Authentication-tf2670458.html#a7446639
>> Sent from the Tomcat - User mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>

--
View this message in context: http://www.nabble.com/Custom-Authentication-tf2670458.html#a7480530
Sent from the Tomcat - User mailing list archive at Nabble.com.
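
An added example, not code from this thread or from Tomcat: a servlet filter along the lines of Marcus's point 1, checking a header and request.isSecure() and redirecting to a secure port. The header name and value, the HTTPS base URL and the proxy address are assumptions, as is Apache forwarding over plain HTTP so that getRemoteAddr() returns the proxy's address.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SecureHeaderFilter implements Filter {
    // All four values are assumptions for this example, not taken from the thread.
    private static final String MODE_HEADER = "X-Auth-Mode";   // hypothetical header
    private static final String SSL_MODE = "ssl";              // hypothetical value
    private static final String HTTPS_BASE = "https://app.example.test:8443";
    private static final String TRUSTED_PROXY = "127.0.0.1";   // Apache on the same host

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String mode = req.getHeader(MODE_HEADER);

        // Any client can send this header; honour it only from the front-end proxy
        // (assumes HTTP proxying, so getRemoteAddr() is the proxy's address).
        if (mode != null && !TRUSTED_PROXY.equals(req.getRemoteAddr())) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Header asks for SSL but the request arrived in clear: go to the secure port.
        if (SSL_MODE.equalsIgnoreCase(mode) && !req.isSecure()) {
            // Fixed base URL rather than the Host header, so the redirect
            // target cannot be steered by the client.
            String query = req.getQueryString();
            String target = HTTPS_BASE + req.getRequestURI()
                    + (query == null ? "" : "?" + query);
            res.sendRedirect(target);
            return;
        }
        chain.doFilter(rq, rs);
    }
}
```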