Hello Douglas, Single Sign-on is implemented in Tomcat using Valves. See...
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/valve.html#Single%20Sign%20On%20Valve http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/host.html#Single%20Sign%20On http://jakarta.apache.org/tomcat/tomcat-4.1-doc/catalina/docs/api/org/apache/catalina/authenticator/SingleSignOn.html Jake Tuesday, July 30, 2002, 1:36:11 PM, you wrote: SDc> Thank you for your reply. I have done the same thing but what I found is SDc> that, using your example,login.jsp would have to reside in each web SDc> applications directory. So if I have 5 different web applications, SDc> login.jsp would have to be replicated 5 times. I would like to have SDc> login.jsp in only one place. Are you experiencing something different? SDc> -----Original Message----- SDc> From: HAVENS,PETER (HP-Cupertino,ex3) [mailto:[EMAIL PROTECTED]] SDc> Sent: Tuesday, July 30, 2002 2:31 PM SDc> To: 'Tomcat Users List' SDc> Subject: RE: Multiple Web App Authentication SDc> I have been working on the same thing. I believe it can be accomplished by SDc> modifying your web.xml file in the conf directory. You will need a SDc> <security-constraint> and a <login-config>. Here is what I added and it SDc> seems be working. Hope this gets you started. SDc> -Peter SDc> ----------------------------- SDc> <security-constraint> SDc> <display-name>Gryphon Authentication</display-name> SDc> <web-resource-collection> SDc> <web-resource-name>Protected Area</web-resource-name> SDc> <!-- Define the context-relative URL(s) to be protected --> SDc> <url-pattern>/*</url-pattern> SDc> <!-- If you list http methods, only those methods are protected --> SDc> <http-method>GET</http-method> SDc> <http-method>DELETE</http-method> SDc> <http-method>POST</http-method> SDc> <http-method>PUT</http-method> SDc> </web-resource-collection> SDc> <auth-constraint> SDc> <!-- Anyone with one of the listed roles may access this area --> SDc> <role-name>*</role-name> SDc> </auth-constraint> SDc> </security-constraint> SDc> <!-- Default login configuration uses form-based authentication --> SDc> <login-config> SDc> <auth-method>FORM</auth-method> SDc> <realm-name>Gryphon Form-Based Authentication</realm-name> SDc> <form-login-config> SDc> <form-login-page>/login.jsp</form-login-page> SDc> <form-error-page>/error.jsp</form-error-page> SDc> </form-login-config> SDc> </login-config> SDc> -----Original Message----- SDc> From: Srofe, Douglas (c) [mailto:[EMAIL PROTECTED]] SDc> Sent: Tuesday, July 30, 2002 11:10 AM SDc> To: 'Tomcat Users List' SDc> Subject: Multiple Web App Authentication SDc> I am trying to implement single authentication (form based) for multiple web SDc> applications within a single virtual host. I have read the documentation SDc> for single-sign on and have made that work. However, it appears that the SDc> logon page(s) need to be in all web applications. Authentication is granted SDc> for all web applications based on the one someone tried to log onto first. SDc> What I would like to do is basically have an "authentication web SDc> application". If someone tried to log into any other web application they SDc> would be redirected to the "authentication web application" to be logged on. SDc> I cannot figure out how to do something like this with Tomcat. I could SDc> basically accomplish this by having one big web application, but in our SDc> environment it would be cleaner if we could have separate web applications SDc> all protected by a single entry point. SDc> If anyone can help with this, it would be greatly appreciated. SDc> Thank you. SDc> Douglas Srofe SDc> WDS Corp. SDc> -- SDc> To unsubscribe, e-mail: SDc> <mailto:[EMAIL PROTECTED]> SDc> For additional commands, e-mail: SDc> <mailto:[EMAIL PROTECTED]> SDc> -- SDc> To unsubscribe, e-mail: SDc> <mailto:[EMAIL PROTECTED]> SDc> For additional commands, e-mail: SDc> <mailto:[EMAIL PROTECTED]> SDc> -- SDc> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> SDc> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- Best regards, Jacob mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>