On 24.06.2016 17:45, ken edward wrote:
On Fri, Jun 24, 2016 at 11:26 AM, Mark Thomas <ma...@apache.org> wrote:
On 24/06/2016 16:17, ken edward wrote:
On Fri, Jun 24, 2016 at 10:46 AM, Mark Thomas <ma...@apache.org> wrote:
On 24 June 2016 14:22:32 BST, ken edward <kedward...@gmail.com> wrote:
Hello,
I have tomcat 8 on linux, configured with kerberos/SPNEGO
authentication.
All works well, but if the client cannot use kerberos to authenticate,
it
will not fallback to FORM authentication.
I see some references that tomcat 8 does not do fallback negotiation
for
FORM auth. True?
Yes
Any workarounds?
Nothing simple. Both SPNEGO and FORM have their complications. You'll
need
to code some form of custom solution.
Have a look in the archives. This has come up before and I think there
is
some sample code that might get you most of the way there.
I had already searched the mail archives, and did not see any sample
code.
If anyone has any insight, please do post some code fragments.
I was thinking of this:
http://wiki.apache.org/tomcat/SSLWithFORMFallback
Not quite what you are looking for but it might help.
I guess I need to extend the SPNEGO valve code in tomcat 8 to handle
fallback to FORM auth, similar to SSLWIthFORMFallback. aaarg. Such a simple
and essential use case. Perplexing that it is not implemented.
To me, the question here is more : if SPNEGO fails, and you fall back to form-based
authentication, what are you going to authenticate *against*, once the user fills the form ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
