Hi Ken, Would you mind posting the patch? :-) On Thu, Jun 30, 2016 at 3:52 PM, ken edward <kedward...@gmail.com> wrote: > I did get it to work. Simply merged existing spnego and form auth valves > together, I will try to post later.. > > On Fri, Jun 24, 2016 at 6:21 PM, Terence M. Bandoian <tere...@tmbsw.com> > wrote: > >> On 6/24/2016 10:45 AM, ken edward wrote: >> >>> On Fri, Jun 24, 2016 at 11:26 AM, Mark Thomas <ma...@apache.org> wrote: >>> >>> On 24/06/2016 16:17, ken edward wrote: >>>> >>>>> On Fri, Jun 24, 2016 at 10:46 AM, Mark Thomas <ma...@apache.org> wrote: >>>>> >>>>> On 24 June 2016 14:22:32 BST, ken edward <kedward...@gmail.com> wrote: >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> I have tomcat 8 on linux, configured with kerberos/SPNEGO >>>>>>> authentication. >>>>>>> All works well, but if the client cannot use kerberos to authenticate, >>>>>>> it >>>>>>> will not fallback to FORM authentication. >>>>>>> >>>>>>> I see some references that tomcat 8 does not do fallback negotiation >>>>>>> for >>>>>>> FORM auth. True? >>>>>>> >>>>>> Yes >>>>>> >>>>>> Any workarounds? >>>>>>> >>>>>> Nothing simple. Both SPNEGO and FORM have their complications. You'll >>>>>> >>>>> need >>>> >>>>> to code some form of custom solution. >>>>>> >>>>>> Have a look in the archives. This has come up before and I think there >>>>>> >>>>> is >>>> >>>>> some sample code that might get you most of the way there. >>>>>> >>>>>> >>>>>> >>>>>> I had already searched the mail archives, and did not see any sample >>>>> >>>> code. >>>> >>>>> If anyone has any insight, please do post some code fragments. >>>>> >>>> I was thinking of this: >>>> http://wiki.apache.org/tomcat/SSLWithFORMFallback >>>> >>>> Not quite what you are looking for but it might help. >>>> >>>> >>>> I guess I need to extend the SPNEGO valve code in tomcat 8 to handle >>> fallback to FORM auth, similar to SSLWIthFORMFallback. aaarg. Such a >>> simple >>> and essential use case. Perplexing that it is not implemented. >>> >>> >> >> If you get it working, you might consider submitting a patch. Doing so >> might save someone else from cursing under their breath. >> >> -Terence Bandoian >> http://www.tmbsw.com/ >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >>
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org