> > But for _transparent_ authentication IIS is required as Christopher > mentioned. > > That is not true. You can use SPNEGO to setup transparent authentication directly to tomcat. You do not need IIS. This means that a browser accesses a protected url on the server, and the server and browser "discuss" who the user is, and then the application is presented with that information. This discussion is transparent and involves no user interaction. This can be done by default in IE and I believe chrome, but firefox is more secure so needs to have explicitly have this authentication security enabled - by default it is turned off to stop hackers falsely requesting the details from a malicious server
HTH Chris