Re: siteMinder implementation for our application

Sat, 25 Mar 2017 07:32:28 -0700 

On 24.03.2017 19:32, Kikkeri, Amith wrote:

Hi,
Our application runs on tomcat7 (Port 80) and we don't use a web server. We are 
implementing SSO and planning to use siteMinder. When trying to install 
siteMinder web agent, we realized that it is not recognizing tomcat. Please let 
me  know if there is an option to make siteMinder webagent work with tomcat7.

If it is mandatory to use a web server, can we use IIS.


Hi.
Siteminder is a commercial product, and I would think that their support would be a better place to ask. But if you search Google for "siteminder web agent for tomcat", you'll get plenty of links to get started. 
http://lmgtfy.com/?q=siteminder+web+agent+for+tomcat
From what I gather, there doesn't indeed seem to be a way to integrate this directly in Tomcat (but again, ask on the Siteminder support sites), and you need to use a front-end webserver. 
I that case, Apache and/or IIS will do, using the appropriate "connector" for 
Tomcat.

See here : http://tomcat.apache.org/connectors-doc/)
And here : http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html#Standard_Implementations --> tomcatAuthentication / tomcatAuthorization
The gist is : the front-end webserver does the user authentication using the Siteminder web agent, and then proxies the call to the application which runs under Tomcat. 
And when it does that, it also forwards the user-id to Tomcat.
And in Tomcat, these attributes (tomcatAuthentication / tomcatAuthorization) tell Tomcat to accept the user-id that the front-end sends to it, and use it to authenticate/authorize the same user under Tomcat.
In the links that you will get by searching Google, I have seen several pointing to step-by-step guides to do this. If you encounter a specific Tomcat-related issue while doing this, you are welcome to come back here and ask. But do the Siteminder homework first, because that is not a Tomcat issue. 





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to