On 24.03.2017 19:32, Kikkeri, Amith wrote:
Hi,
Our application runs on tomcat7 (Port 80) and we don't use a web server. We are
implementing SSO and planning to use siteMinder. When trying to install
siteMinder web agent, we realized that it is not recognizing tomcat. Please let
me know if there is an option to make siteMinder webagent work with tomcat7.
If it is mandatory to use a web server, can we use IIS.
Hi.
Siteminder is a commercial product, and I would think that their support would be a better
place to ask.
But if you search Google for "siteminder web agent for tomcat", you'll get plenty of links
to get started.
http://lmgtfy.com/?q=siteminder+web+agent+for+tomcat
From what I gather, there doesn't indeed seem to be a way to integrate this directly in
Tomcat (but again, ask on the Siteminder support sites), and you need to use a front-end
webserver.
I that case, Apache and/or IIS will do, using the appropriate "connector" for
Tomcat.
See here : http://tomcat.apache.org/connectors-doc/)
And here :
http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html#Standard_Implementations -->
tomcatAuthentication / tomcatAuthorization
The gist is : the front-end webserver does the user authentication using the Siteminder
web agent, and then proxies the call to the application which runs under Tomcat.
And when it does that, it also forwards the user-id to Tomcat.
And in Tomcat, these attributes (tomcatAuthentication / tomcatAuthorization) tell Tomcat
to accept the user-id that the front-end sends to it, and use it to authenticate/authorize
the same user under Tomcat.
In the links that you will get by searching Google, I have seen several pointing to
step-by-step guides to do this.
If you encounter a specific Tomcat-related issue while doing this, you are welcome to come
back here and ask. But do the Siteminder homework first, because that is not a Tomcat issue.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org