On 10.09.2019 15:38, Mark Thomas wrote:
On 06/09/2019 13:20, Heidi Leerink - Duverger wrote:
Hello Mark,
That helps somewhat, my browser now shows the login page for our application,
BUT I do not get my username in HTTP variable REMOTE_USER but the principal
keytab related name.
So instead of hduverge I get HTTP/nlsl-decadetst.u4agr.com@U$AGR.COM
The Tomcat Authenticator takes care of validating the user. In the
configuration you provided the JAASRealm is - effectively -
(re-)validating the contents of the keytab file. That is why you see the
keytab principal as the authenticated user.
Try replacing the JAASRealm with the AuthenticatedUserRealm. Something like:
<Realm className="org.apache.catalina.realm.JAASRealm"
allRolesMode="authOnly"
Mmm. That looks like a typo, likely to confuse this OP even more, no ?
Note: This Realm should *only* be used with Authenticators like
org.apache.catalina.authenticator.SpnegoAuthenticator that authenticate
the user since this Realm simply takes the information provided and
assumes it is valid.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org