Re: Can I use SSO with Tomcat 5.5.28
sphilben, all I can add is that I have implemented SSO + Tomcat 5.5 and that works fine. Because we are having a server which uses CAS authentication, and because Tomcat was not getting the remote user credentials, I was not able to make it work only with Tomcat + AREA_SSO_ALL_v206MT_v209AREA.zip But compiling the CAS client (easy as pie) and adding it to the MidTier.jar, solved my issue. For more info on CAS => http://www.jasig.org/cas Maybe you should also consider this solution All I remember is that somehow the getusername() was not working. Additionaly, with Tomcat 5.5 you do not need Apache anymore, but it could help having that layer to implement your SSO solution. Serouche On 10/11/2010 20:23, sphilben wrote: ** Listers: We are trying to move from an ARS 7.1 IIS/ServletExec environment to a ARS 7.5, Tomcat 5.5 midtier environment. We have SSO working on the old setup (using the files in AREA_SSO_ALL_v206MT_v209AREA.zip) but now we are not getting it to work on the new setup. Has anyone gotten this to work and if so, how? I have followed all the instructions in the zip file and everything seems to be set up correctly but when we bring the login.jsp page up it forces us to log in and does not automatically log us in. There are, of course no entries in either the Tomcat logs or the ARS logs to indicate that anything is wrong, but I am not even sure that this setup is supported in the new environment. Anyone have this working? Thanks. _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Re: Can I use SSO with Tomcat 5.5.28
If you have apache in front of tomcat, you can do the same with mod_auth_kerb at the web server layer. On Wed, Nov 10, 2010 at 2:47 PM, LJ LongWing wrote: > ** > > Yes….I believe that your problem will be related to the fact that when you > were using IIS, your clients were using ‘integrated authentication’….so the > IIS web server could issue a ‘getRemoteUser()’ (I think that’s the call) and > get your username that it could pass into the SSO module….by default Tomcat > (OOTB) doesn’t support this…thus your problem. What we did, after extensive > searching and configuration was decide on using SPNEGO from source forge to > enable Kerberos authentication to the Tomcat server. This allowed the > getRemoteUser call to return a name, and enable the integration. Good luck > J > > > > *From:* Action Request System discussion list(ARSList) [mailto: > arsl...@arslist.org] *On Behalf Of *sphilben > *Sent:* Wednesday, November 10, 2010 12:24 PM > *To:* arslist@ARSLIST.ORG > *Subject:* Can I use SSO with Tomcat 5.5.28 > > > > ** > > Listers: > > > > We are trying to move from an ARS 7.1 IIS/ServletExec environment to a ARS > 7.5, Tomcat 5.5 midtier environment. We have SSO working on the old setup > (using the files in AREA_SSO_ALL_v206MT_v209AREA.zip) but now we are not > getting it to work on the new setup. > > > > Has anyone gotten this to work and if so, how? I have followed all the > instructions in the zip file and everything seems to be set up correctly but > when we bring the login.jsp page up it forces us to log in and does not > automatically log us in. > > > > There are, of course no entries in either the Tomcat logs or the ARS logs > to indicate that anything is wrong, but I am not even sure that this > setup is supported in the new environment. > > > > Anyone have this working? > > > > Thanks. > > _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ > _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ > ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Re: Can I use SSO with Tomcat 5.5.28
Yes..I believe that your problem will be related to the fact that when you were using IIS, your clients were using 'integrated authentication'..so the IIS web server could issue a 'getRemoteUser()' (I think that's the call) and get your username that it could pass into the SSO module..by default Tomcat (OOTB) doesn't support this.thus your problem. What we did, after extensive searching and configuration was decide on using SPNEGO from source forge to enable Kerberos authentication to the Tomcat server. This allowed the getRemoteUser call to return a name, and enable the integration. Good luck J From: Action Request System discussion list(ARSList) [mailto:arsl...@arslist.org] On Behalf Of sphilben Sent: Wednesday, November 10, 2010 12:24 PM To: arslist@ARSLIST.ORG Subject: Can I use SSO with Tomcat 5.5.28 ** Listers: We are trying to move from an ARS 7.1 IIS/ServletExec environment to a ARS 7.5, Tomcat 5.5 midtier environment. We have SSO working on the old setup (using the files in AREA_SSO_ALL_v206MT_v209AREA.zip) but now we are not getting it to work on the new setup. Has anyone gotten this to work and if so, how? I have followed all the instructions in the zip file and everything seems to be set up correctly but when we bring the login.jsp page up it forces us to log in and does not automatically log us in. There are, of course no entries in either the Tomcat logs or the ARS logs to indicate that anything is wrong, but I am not even sure that this setup is supported in the new environment. Anyone have this working? Thanks. _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Re: Can I use SSO with Tomcat 5.5.28
Yeah, I looked at that already. It didn't make a difference. My new question is whether I need IIS or Apache as well as Tomcat if I want to do this? Sent from my iPhone On Nov 10, 2010, at 14:40, ftsnv wrote: > ** > Hi, > > Just throwing in some ideas. Did you set the tomcat authentication to > false? That might be one of the reasons the browser asks for the login. > > Thanks > Siva > > On Wed, Nov 10, 2010 at 2:23 PM, sphilben wrote: > ** > Listers: > > We are trying to move from an ARS 7.1 IIS/ServletExec environment to a ARS > 7.5, Tomcat 5.5 midtier environment. We have SSO working on the old setup > (using the files in AREA_SSO_ALL_v206MT_v209AREA.zip) but now we are not > getting it to work on the new setup. > > Has anyone gotten this to work and if so, how? I have followed all the > instructions in the zip file and everything seems to be set up correctly but > when we bring the login.jsp page up it forces us to log in and does not > automatically log us in. > > There are, of course no entries in either the Tomcat logs or the ARS logs to > indicate that anything is wrong, but I am not even sure that this setup is > supported in the new environment. > > Anyone have this working? > > Thanks. > _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ > > _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
Re: Can I use SSO with Tomcat 5.5.28
Hi, Just throwing in some ideas. Did you set the tomcat authentication to false? That might be one of the reasons the browser asks for the login. Thanks Siva On Wed, Nov 10, 2010 at 2:23 PM, sphilben wrote: > ** > Listers: > > We are trying to move from an ARS 7.1 IIS/ServletExec environment to a ARS > 7.5, Tomcat 5.5 midtier environment. We have SSO working on the old setup > (using the files in AREA_SSO_ALL_v206MT_v209AREA.zip) but now we are not > getting it to work on the new setup. > > Has anyone gotten this to work and if so, how? I have followed all the > instructions in the zip file and everything seems to be set up correctly but > when we bring the login.jsp page up it forces us to log in and does not > automatically log us in. > > There are, of course no entries in either the Tomcat logs or the ARS logs > to indicate that anything is wrong, but I am not even sure that this > setup is supported in the new environment. > > Anyone have this working? > > Thanks. > _attend WWRUG11 www.wwrug.com ARSlist: "Where the Answers Are"_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"