Well, Johnny, we seem to agree.

Johnny Kewl wrote:

----- Original Message ----- From: "sridharmnj" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Thursday, June 05, 2008 4:33 PM
Subject: Re: Single sign on issue with Tomcat and Apache



Many thanks to all of you for responding to my problem.
I apologize, I am afraid I did not describe my system architecture clearly. (As I mentioned, it is an old application, which was developed 9 years ago, and there is no
documentation at all :-(  )

I am accessing those applications like this:

www.mywebsite.com/aaa -> (aaa webapp) Based on Tomcat FORM authentication (JDBC Realm).
www.mywebsite.com/bbb -> Static pages deployed in Apache, based on BASIC authentication (mod_auth_mysql).
www.mywebsite.com/ccc -> (ccc webapp) Dynamic pages deployed on Tomcat, based on BASIC authentication (JDBC Realm).

All the above applications use the same user table for credentials.

Scenario 1: When I log into bbb (Apache-BASIC), it pops up a dialog box for username and password, and after I provide the details it authenticates using mod_auth_mysql. I have a link to ccc (Tomcat-BASIC) from the bbb pages. When I click that link, I am able to navigate those pages without providing the credentials again. (I hope that here Tomcat is finding the auth headers which are set by Apache.)

Scenario 2: When I log directly into ccc (Tomcat-BASIC), it pops up a dialog box for username and password, and after I provide the details it authenticates using Tomcat BASIC authentication. If I click a link to bbb, I am able to navigate to it without providing the details a second time. (I hope that here Apache is finding the credentials which are set by Tomcat.)

Scenario 3: When I log into aaa (Tomcat-FORM), after authentication I am able to access ccc (Tomcat-BASIC) without providing the credentials again. (I hope that here Tomcat is sharing the credentials between FORM and BASIC authentication, as SingleSignOnValve is enabled.)

Scenarios 1, 2 and 3 are working perfectly, and I need them as is.

Scenario 4: When I log into aaa (Tomcat-FORM), after authentication, if I click a link to bbb (Apache-BASIC) it again pops up a window for username and password.

sridharmnj
OK, this is very different from what we first thought.
This is a guess...

I think the problem is that you are mixing auth methods...
You have to make them all BASIC in this case.
The browser is on the same domain... so I think it will be returning the auth header info. You can check with a dump valve, or get Wireshark and just make sure it is returning header info... but I think it is; the problem is that the auth info is not the same.

I've never used FORM authentication, but I guess it just reads the UID and password fields and then TC starts tracking that cookie as authenticated. BASIC does not do that... there the browser returns a Base64-encoded mash and that is interpreted.

So if you go to, say, ccc (BASIC) and then bbb (BASIC)... you haven't said... but I think that will work. But when you go to FORM... all the browser sends Apache is a little old cookie... and the BASIC logic will go "what the hell"... and challenges the browser.

So the initial thought that it was a domain problem is not correct... you are just mixing incompatible auth schemes. I think you have to lose the FORM auth... and even though you can't change the web app, I think that it is possible externally... all that's going to happen is that the browser pops up a password box... and that auth FORM is now going to be redundant.

I think the FORM auth has to go, it must be made BASIC... my guess.

---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

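The header mismatch Johnny describes, as an added example that is not part of the thread and is not Apache or Tomcat code: a small Python stand-in for mod_auth_mysql's BASIC check, run against two constructed requests. After a Tomcat BASIC login the browser has cached credentials for the host and realm and replays them in an `Authorization: Basic` header, which Apache can decode and look up in the shared user table. After a Tomcat FORM login the browser only holds a `JSESSIONID` cookie, which means nothing to Apache, so Apache answers 401 with a `WWW-Authenticate` challenge. The user table, realm name, session id and request headers below are constructed for illustration.

```python
"""
Simulate what Apache-side BASIC authentication sees after a Tomcat BASIC login
versus after a Tomcat FORM login. Added example; the user table, realm name
and request headers are constructed here, not taken from the thread.
"""
import base64
import binascii
import hmac

# Constructed stand-in for the single user table shared by mod_auth_mysql and
# Tomcat's JDBCRealm. Plaintext only to keep the example short; a real table
# would store password hashes.
USER_TABLE = {"sridhar": "s3cret"}
REALM = "mywebsite"  # assumed realm name


def parse_basic_authorization(header):
    """Return (user, password) from an 'Authorization: Basic <token>' header,
    or None if the header is missing, not Basic, or not valid Base64."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    if not sep:
        return None
    return user, password


def basic_auth_check(headers):
    """Mimic mod_auth_mysql: accept only a valid Basic header whose credentials
    match the user table; otherwise challenge. Returns (status, extra_headers).
    A Tomcat JSESSIONID cookie is simply invisible to this check."""
    creds = parse_basic_authorization(headers.get("Authorization"))
    if creds:
        user, password = creds
        expected = USER_TABLE.get(user)
        # constant-time compare so a wrong password leaks nothing via timing
        if expected is not None and hmac.compare_digest(
            expected.encode("utf-8"), password.encode("utf-8")
        ):
            return 200, {}
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}


def basic_header(user, password):
    """What a browser sends once it has cached Basic credentials for the realm.
    Base64 is an encoding, not encryption: over plain HTTP this is readable."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8"))
    return "Basic " + token.decode("ascii")


# Scenario 2: the browser answered Tomcat's BASIC dialog, cached the
# credentials, and replays them to /bbb on the same host.
AFTER_TOMCAT_BASIC = {
    "Cookie": "JSESSIONID=constructed-session-id",
    "Authorization": basic_header("sridhar", "s3cret"),
}

# Scenario 4: the browser only completed a Tomcat FORM login. It holds a
# session cookie but has no cached Basic credentials to send.
AFTER_TOMCAT_FORM = {"Cookie": "JSESSIONID=constructed-session-id"}


def demo():
    """Status Apache would return for each constructed request."""
    return {
        "after_tomcat_basic": basic_auth_check(AFTER_TOMCAT_BASIC)[0],
        "after_tomcat_form": basic_auth_check(AFTER_TOMCAT_FORM)[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print("%-20s -> %d" % (name, status))
```

Two practical notes follow from this. Browsers reuse cached Basic credentials per host and realm, so the realm names configured in Apache and in Tomcat's login-config should match if the cross-application behaviour in scenarios 1 and 2 is to keep working. And because the Basic token is only Base64, the same credentials that make the single sign-on work are exposed on every request unless the site is served over HTTPS.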