I've been told our working application must coexist with other applications using BASIC authentication, the same domain name and a shared authentication store to achieve single sign on (SSO).
Our application has been working fine without IIS or Apache sitting in front of it. The application is almost entirely dynamic so I didn't feel a need before. Now that we've thrown the switch on our QA tier the SSO is not working. The other application seems to generate a key to store the authentication in the browser of "qa.ourserver.com", while our application generates a key of "qa.ourserver.com:80". The browser then treats these as separate domains. I do not see anywhere in the config files where this is set. Q1: Can I configure Tomcat to not include the ":80" at the end of the domain name? Q2: Should I configure Tomcat to run behind the same IIS the other application runs behind? I'm developing in Java and the other application is developed in C## and .net. Q3: If the BASIC authentication solution weren't already dictated, what would the preferred SSO solution be? Any additional insight is also appreciated. Thanks! -Steve-
