https://bz.apache.org/bugzilla/show_bug.cgi?id=64222
b...@wigeogis.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|WORKSFORME                  |---
             Status|RESOLVED                    |REOPENED

--- Comment #6 from b...@wigeogis.com ---
Next time on the users list, sorry.

Could you please improve the documentation?
https://tomcat.apache.org/tomcat-9.0-doc/windows-auth-howto.html

As already written in comment #4, I did not know how to configure the built-in SSO properly.
http://tomcat.10.x6.nabble.com/Help-with-SPNEGO-Pass-Through-td5073933.html gave some hints.

In fact a Valve setting the SpnegoAuthenticator and the correct Realm (AuthenticatedUserRealm) are necessary!

Additionally in the web.xml
1) you must use auth-method SPNEGO in login-config and
2) you should only protect the JSPs in multiple url-filter in security-constraint that use request.getRemoteUser() because in our case we are not protecting these resources, but rather enabling SSO there.

Otherwise (with my configuration from comment #4) any other JSPs (not only other servlets), that do not use request.getRemoteUser(), do not work, i.e. they will show an HTTP status 401 Unauthorized. I think this is because the authorization is not done for JSPs not calling request.getRemoteUser().

Many Thanks!
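A sketch of the configuration the comment describes, added here as an illustration and not taken from the reporter's setup or the Tomcat documentation. The JSP paths and the `**` (any authenticated user) role are assumptions, and the Kerberos/JAAS setup from the linked how-to is assumed to be in place.

```xml
<!-- ===== META-INF/context.xml (per-application context) ===== -->
<Context>
  <!-- Valve that installs the SPNEGO authenticator for this application -->
  <Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator" />
  <!-- Realm that accepts the principal already authenticated by the
       authenticator; it performs no password check and assigns no roles -->
  <Realm className="org.apache.catalina.realm.AuthenticatedUserRealm" />
</Context>

<!-- ===== WEB-INF/web.xml (fragment inside <web-app>) ===== -->
<login-config>
  <auth-method>SPNEGO</auth-method>
</login-config>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Pages that read the SSO user</web-resource-name>
    <!-- Hypothetical paths: list only the JSPs that call
         request.getRemoteUser(), one url-pattern element each -->
    <url-pattern>/secure/whoami.jsp</url-pattern>
    <url-pattern>/secure/profile.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Assumption: "**" admits any authenticated user, which fits a
         realm that carries no role information -->
    <role-name>**</role-name>
  </auth-constraint>
</security-constraint>
```

Resources outside the listed patterns carry no constraint, so anything that needs access control must be covered by its own security-constraint rather than left open by this scoping.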