Yes I am using a Spnego enabled browser and my motto is to enable single sign in geronimo through spnego. As of now I have a small POC of spnego working were it is able to recoganise the src machine, target machine and is able to establish a security context between client and server. However current implementation requires me to override one of the Basic, digest or form as these are the ones which can be specified in web.xml and we cannot specify Negotiate. So my questions are:
Q1. Can you think of a way were we need not override any of the above mentioned mechanism? Q2. I need to disable the prompt for credentials by the browser. because once the user is logged into a machine which is part of domain controller he should be able to access the apps w/o any prompt. I have referred the following link to understand how spnego is supposed to work. http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/csec_SPNEGO_explain.html Thanks Ashish On Thu, Dec 10, 2009 at 6:26 AM, David Jencks <david_jen...@yahoo.com>wrote: > > On Dec 9, 2009, at 5:03 AM, Ashish Jain wrote: > > Hi folks, >> >> Can you please suggest if there is anyway to disable the prompt for >> username and password when using basic authentication?? >> > > That's browser behavior, so the only thing you can do from the server side > is not use plain BASIC auth. Are you using a SPNEGO enabled browser on a > platform where it can recognize your (client side) kerberos login? Do you > have a link to a description of how SPNEGO is supposed to work? > > thanks > david jencks > > > >> Thanks and Regards >> Ashish >> >> On 11/13/09, Costin Manolache <cos...@gmail.com> wrote: >> >>> On Fri, Nov 13, 2009 at 6:44 AM, Mark Thomas <ma...@apache.org> wrote: >>> >>> Ashish Jain wrote: >>>> >>>> 4) Does this require code changes to BasicAuthenticator >>>>> >>>> FormAuthenticator, >>>> >>>>> AuthenticatorBase of tomcat. >>>>> >>>> >>>> Basic and form - no. Base - maybe. >>>> >>>> Please provide your comment and suggestions. >>>>> >>>> >>>> My instinct (that may be wrong) is that you'll need a new authenticator. >>>> If >>>> you >>>> get this working then I'd certainly consider it for inclusion in Tomcat. >>>> >>>> >>>> An OpenID would be nice too :-) >>> >>> Costin >>> >>> >>> >>> Mark >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: dev-h...@tomcat.apache.org >>>> >>>> >>>> >>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
