Dear all,

As Tomcat version 9.0.31 has some security fixes included, I tried to do an upgrade.
On the IIS, Tomcat connector version 1.2.46 is installed.

As the secret I use a 32-character alphanumeric string; I call it token here. In workers.properties I tried to define it on the load balancer line:
worker.loadbalancer.secret=token

And/or on each node:
worker.node1.secret=token
...
worker.node2.secret=token

For the Tomcat configuration, I defined the following AJP connector in server.xml:
    <Connector protocol="AJP/1.3"
               address="::"
               port="8009"
               tomcatAuthentication="false"
               enableLookups="false"
               secret="token"
               redirectPort="8443" />

But it does not work. It seems that Tomcat does not answer here.
If I downgrade to Tomcat 9.0.29, it works without any problems.

I then started Wireshark and had a look at the traffic coming from the IIS. From IIS I see an AJP13 connection with the following content in the "Apache JServ Protocol v1.3" part in Wireshark:
...
Sec-Fetch-User: ?1
token
INTERNAL\user
Negotiate
...

As the token is included here, the secret configuration is maybe correct. The token here is equal to the token defined on the IIS Tomcat connector and in the Tomcat server.xml AJP definition.
Tomcat is sending back a "0:RSP:SEND HEADERS:403 403"

The IIS is doing the authentication and is then just sending the user to Tomcat.

According to the documentation, everything seems to be configured correctly, but it does not work.
Could anyone help me here, please?

--
Thanks a lot
Matthias

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
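
For reading a capture like the one described in the message above, the following added example (not part of the original post, and not Tomcat or mod_jk code) decodes the attribute section of an AJP13 forward request and labels each value by its attribute code, so the secret, remote user and auth type can be told apart. The sample packet is constructed; its URI, addresses and host names are placeholders.

```python
import struct

# AJP13 request-attribute codes (protocol constants).
ATTRS = {0x01: "context", 0x02: "servlet_path", 0x03: "remote_user",
         0x04: "auth_type", 0x05: "query_string", 0x06: "route",
         0x07: "ssl_cert", 0x08: "ssl_cipher", 0x09: "ssl_session",
         0x0A: "req_attribute", 0x0B: "ssl_key_size", 0x0C: "secret"}

def read_string(buf, pos):
    """AJP string: 2-byte length, bytes, NUL; length 0xFFFF means null."""
    (n,) = struct.unpack_from(">H", buf, pos)
    if n == 0xFFFF:
        return None, pos + 2
    return buf[pos + 2:pos + 2 + n].decode("latin-1"), pos + 3 + n

def parse_attributes(pkt):
    """Return [(attribute, name, value)] from one FORWARD_REQUEST packet."""
    magic, length, prefix = struct.unpack_from(">HHB", pkt, 0)
    if magic != 0x1234 or length != len(pkt) - 4 or prefix != 0x02:
        raise ValueError("not a complete AJP13 FORWARD_REQUEST")
    pos = 6                                # past magic, length, prefix, method
    for _ in range(5):                     # protocol, URI, remote addr/host, server name
        _, pos = read_string(pkt, pos)
    (nhdr,) = struct.unpack_from(">H", pkt, pos + 3)  # after port and is_ssl
    pos += 5
    for _ in range(nhdr):
        # Well-known header names are sent as a 2-byte code 0xA0xx.
        pos = pos + 2 if pkt[pos] == 0xA0 else read_string(pkt, pos)[1]
        pos = read_string(pkt, pos)[1]     # header value
    out = []
    while pkt[pos] != 0xFF:                # 0xFF ends the attribute list
        code, pos, name = pkt[pos], pos + 1, None
        if code == 0x0A:                   # req_attribute: name, then value
            name, pos = read_string(pkt, pos)
        if code == 0x0B:                   # ssl_key_size is a 2-byte integer
            value, pos = struct.unpack_from(">H", pkt, pos)[0], pos + 2
        else:
            value, pos = read_string(pkt, pos)
        out.append((ATTRS.get(code, "unknown_0x%02X" % code), name, value))
    return out

def ajp_string(text):                      # encode an AJP string
    return struct.pack(">H", len(text)) + text.encode("latin-1") + b"\x00"

# Constructed packet with placeholder values (not a capture from the post).
_body = (b"\x02\x02" + b"".join(map(ajp_string, ["HTTP/1.1", "/app/", "192.0.2.10",
         "client", "iis.example"])) + struct.pack(">HBH", 80, 0, 1)
         + ajp_string("Sec-Fetch-User") + ajp_string("?1") + b"\x0C" + ajp_string("token")
         + b"\x03" + ajp_string("INTERNAL\\user") + b"\x04" + ajp_string("Negotiate") + b"\xFF")
SAMPLE = struct.pack(">HH", 0x1234, len(_body)) + _body
```

`parse_attributes(SAMPLE)` returns the secret, remote user and auth type as separately labelled entries; any `req_attribute` entries in a real capture appear with their names.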
