I created my own authentication method besides BASIC, DIGEST, FORM, and CLIENT-CERT to allow the user to authenticate against our own SAML IdP and enter the user credentials on a page provided by the IdP. The authentication method of the IdP uses a Java applet to access a smart card and get the user credentials, so the web browser has to be redirected to some different page to log in.
To add our own authentication method we extended org.apache.catalina.authenticator.AuthenticatorBase and added it to the list of supported methods in the Tomcat configuration. This is working as expected.

Now it should be possible to also log into the application with form-based authentication in addition to the IdP login; the normal FORM method would be nice. The user should select on some entry page which method he wants to use, and then the correct authentication method should be used. I tried to modify the web.xml of my web application to add both methods, but it did not work. Adding two <login-config> or two <auth-method> is not allowed.

Now my plan is to implement some additional authentication method which supports both, or a method which will forward the request to some other method (my own or FORM) depending on some attribute in the HTTP request, but this does not look clean to me. Is there a clean way to do this?

I am working on the Tomcat included in JBoss 5.1 (I think it is 6.0), but it should also work on other versions (>= 6.0) so that we are able to secure any web application running on some Tomcat.

Hauke

Please add me to the CC as I am not subscribed to the list.
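The forwarding approach described in the message, sketched as an added example that is not part of the original post and not Tomcat's own code. It is written against the Tomcat 6.0 authenticator API; SamlIdpAuthenticator stands in for the poster's custom class, and the package, the authMethod parameter and the session note key are assumed names.

```java
package com.example.auth; // hypothetical; same package as SamlIdpAuthenticator
import java.io.IOException;
import org.apache.catalina.Container;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;

public class SelectingAuthenticator extends AuthenticatorBase {
    private static final String PARAM = "authMethod";             // assumed name, set by the entry page
    private static final String NOTE = "com.example.auth.METHOD"; // assumed session note key
    private final FormAuthenticator form = new FormAuthenticator();
    private final SamlIdpAuthenticator saml = new SamlIdpAuthenticator(); // stand-in for the custom class
    @Override
    public void setContainer(Container container) {
        super.setContainer(container); // the delegates need the same Context (realm, sessions)
        form.setContainer(container);
        saml.setContainer(container);
    }
    @Override
    public void start() throws LifecycleException {
        super.start();
        form.start();
        saml.start();
    }
    @Override
    public void stop() throws LifecycleException {
        saml.stop();
        form.stop();
        super.stop();
    }
    @Override
    protected boolean authenticate(Request req, Response res, LoginConfig cfg) throws IOException {
        Session session = req.getSessionInternal(true);
        String method = (String) session.getNote(NOTE);
        if (method == null) {
            // Allow-list the choice and pin it in the session: later requests of the FORM flow
            // (login page, j_security_check) do not carry the parameter. Only GET is inspected.
            method = "GET".equals(req.getMethod()) && "saml".equals(req.getParameter(PARAM))
                    ? "saml" : "form";
            session.setNote(NOTE, method);
        }
        return "saml".equals(method) ? saml.authenticate(req, res, cfg)
                                     : form.authenticate(req, res, cfg);
    }
}
```

The single <login-config> in web.xml still needs its <form-login-config> entries, because the FORM delegate reads the login and error pages from the LoginConfig it is handed.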