I did get it to work. Simply merged existing spnego and form auth valves together, I will try to post later..
On Fri, Jun 24, 2016 at 6:21 PM, Terence M. Bandoian <tere...@tmbsw.com> wrote: > On 6/24/2016 10:45 AM, ken edward wrote: > >> On Fri, Jun 24, 2016 at 11:26 AM, Mark Thomas <ma...@apache.org> wrote: >> >> On 24/06/2016 16:17, ken edward wrote: >>> >>>> On Fri, Jun 24, 2016 at 10:46 AM, Mark Thomas <ma...@apache.org> wrote: >>>> >>>> On 24 June 2016 14:22:32 BST, ken edward <kedward...@gmail.com> wrote: >>>>> >>>>>> Hello, >>>>>> >>>>>> I have tomcat 8 on linux, configured with kerberos/SPNEGO >>>>>> authentication. >>>>>> All works well, but if the client cannot use kerberos to authenticate, >>>>>> it >>>>>> will not fallback to FORM authentication. >>>>>> >>>>>> I see some references that tomcat 8 does not do fallback negotiation >>>>>> for >>>>>> FORM auth. True? >>>>>> >>>>> Yes >>>>> >>>>> Any workarounds? >>>>>> >>>>> Nothing simple. Both SPNEGO and FORM have their complications. You'll >>>>> >>>> need >>> >>>> to code some form of custom solution. >>>>> >>>>> Have a look in the archives. This has come up before and I think there >>>>> >>>> is >>> >>>> some sample code that might get you most of the way there. >>>>> >>>>> >>>>> >>>>> I had already searched the mail archives, and did not see any sample >>>> >>> code. >>> >>>> If anyone has any insight, please do post some code fragments. >>>> >>> I was thinking of this: >>> http://wiki.apache.org/tomcat/SSLWithFORMFallback >>> >>> Not quite what you are looking for but it might help. >>> >>> >>> I guess I need to extend the SPNEGO valve code in tomcat 8 to handle >> fallback to FORM auth, similar to SSLWIthFORMFallback. aaarg. Such a >> simple >> and essential use case. Perplexing that it is not implemented. >> >> > > If you get it working, you might consider submitting a patch. Doing so > might save someone else from cursing under their breath. > > -Terence Bandoian > http://www.tmbsw.com/ > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >