On 03.09.2015 23:31, Christopher Schultz wrote:

Hardy,

On 9/3/15 2:32 PM, Pottinger, Hardy J. wrote:
Are you actually using HTTP Basic authentication? You may be
configuring the wrong authenticator. (I know nothing about
Shibboleth)

I'm using Apache HTTPD as a front-end (via mod_proxy) for Tomcat,
since Shibboleth works (mostly) with Apache HTTPD. So, the
authentication happens on the HTTPD side.

Are you using AJP or HTTP as your proxy protocol? If AJP, are you
using tomcatAuthentication="false" on your <Connector>? I'm not
exactly sure what happens when you do that... you might get a
NonLoginAuthenticator.

You could cause any error to occur in your application and then look
at the stack trace to find out what kind of authenticator you got (the
Valve will be in the stack trace).


I believe there may be some confusion here.
The things to find out would be:

1) if *all* accesses to the application go through httpd first. And if yes, by what mechanism does httpd proxy them to Tomcat? (choices: mod_proxy_http / mod_proxy_ajp / mod_jk)
2) if yes to the above, then: does httpd do the authentication before proxying these calls to Tomcat?

(because if yes to both above, then the issue looks to be more at the httpd level, than at the Tomcat level)

In other words, it may be helpful to paste a copy of the httpd configuration here.
(Do not attach it, paste it in (after removing anything irrelevant or confidential); the list strips most attachments).


