On 6/30/2016 7:52 AM, ken edward wrote:
I did get it to work. Simply merged existing spnego and form auth valves
together, I will try to post later..
On Fri, Jun 24, 2016 at 6:21 PM, Terence M. Bandoian <tere...@tmbsw.com>
wrote:
On 6/24/2016 10:45 AM, ken edward wrote:
On Fri, Jun 24, 2016 at 11:26 AM, Mark Thomas <ma...@apache.org> wrote:
On 24/06/2016 16:17, ken edward wrote:
On Fri, Jun 24, 2016 at 10:46 AM, Mark Thomas <ma...@apache.org> wrote:
On 24 June 2016 14:22:32 BST, ken edward <kedward...@gmail.com> wrote:
Hello,
I have tomcat 8 on linux, configured with kerberos/SPNEGO
authentication.
All works well, but if the client cannot use kerberos to authenticate,
it
will not fallback to FORM authentication.
I see some references that tomcat 8 does not do fallback negotiation
for
FORM auth. True?
Yes
Any workarounds?
Nothing simple. Both SPNEGO and FORM have their complications. You'll
need
to code some form of custom solution.
Have a look in the archives. This has come up before and I think there
is
some sample code that might get you most of the way there.
I had already searched the mail archives, and did not see any sample
code.
If anyone has any insight, please do post some code fragments.
I was thinking of this:
http://wiki.apache.org/tomcat/SSLWithFORMFallback
Not quite what you are looking for but it might help.
I guess I need to extend the SPNEGO valve code in tomcat 8 to handle
fallback to FORM auth, similar to SSLWIthFORMFallback. aaarg. Such a
simple
and essential use case. Perplexing that it is not implemented.
If you get it working, you might consider submitting a patch. Doing so
might save someone else from cursing under their breath.
-Terence Bandoian
http://www.tmbsw.com/
Sounds great!
-Terence
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
