On 7/14/2011 10:20 AM, Pid wrote:
On 14/07/2011 15:04, David kerber wrote:
On 7/14/2011 9:50 AM, André Warnier wrote:
David kerber wrote:
I have a situation where my users will be logging into their pages on
an IIS 5 web server, which authenticates them with their user ID and
password as configured in IIS. This works fine.
Now I need to add some new functionality to the web site that will be
using my tomcat webapp, and I don't want them to have to authenticate
again in my app, so I'm trying to figure out how to pass the user ID
from the web page on IIS, to my webapp. I thought
request.getRemoteUser() would do it, but that's returning null, rather
than the loggged-in user ID.
You need to specify what you use to forward requests from IIS to Tomcat.
If you are using Isapi_Redirect, then set the attribute
"tomcatAuthentication" to false in the Tomcat AJP<Connector> (in
server.xml).
I'm not "forwarding" at all. The call to tomcat from the IIS page is
just the "action" parameter of the form. The only connector is the
standard http 1.1 connector.
If their username& password really is configured in IIS, were you
hoping that Tomcat would magically interface with that? :s
No, I was just hoping that some request header or parameter with the
user name would be carried over when the call was made to the servlet,
but it's not doing so. I don't need to fully authenticate them again,
but do need their user ID.
Any other suggestions, or am I going to have to go a different route?
Tomcat 7 has SPNEGO support, which might enable cross-server SSO, but
I'm speculating there.
I'll see if that might help; I've never heard of it.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
