Sorry, I haven't read the whole thread, but a basic question :
In the tomcat AJP Connector configuration, is "tomcatAuthentication" set to
"no" ?
https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html#Common_Attributes
On 13.07.2021 17:35, Paolo Clerici wrote:
I don't see any ISAPI redirector set up there. I was expecting to see
something like the steps described here:
http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
Yes, if I have not missed something, I think I have done everything
that is written in the document.
The only differences are that there are two sites "prod" and "test" so
the only differences for "test" are:
1) Dll folder: C:\Apache Software Foundation\Jakarta Isapi Redirector\test\bin
2) ISAPI filter name: "Jakarta Connector test" (not "tomcat")
isapi_redirect.properties file content:
extension_uri=/jakarta/isapi_redirect.dll
log_file=C:\Apache Software Foundation\Jakarta Isapi
Redirector\test\log\mod_jk.log
log_level=warn
worker_file=C:\Apache Software Foundation\Jakarta Isapi
Redirector\test\conf\workers.properties
worker_mount_file=C:\Apache Software Foundation\Jakarta Isapi
Redirector\test\conf\uriworkermap.properties
workers.properties file content:
worker.list=dgroupnex02,dgroupnex01
worker.dgroupnex02.type=ajp13
worker.dgroupnex02.host=10.1.2.93
worker.dgroupnex02.port=8009
worker.dgroupnex01.type=ajp13
worker.dgroupnex01.host=10.1.2.39
worker.dgroupnex01.port=8009
uriworkermap.properties file content:
/S2W/*=dgroupnex02
/s2wweb/*=dgroupnex01
/websat/*=dgroupnex02
I would like to tell you that ISAPI redirection of all virtual folders
works perfectly. The only thing that doesn't work is sending the
authorization type and user from IIS to Tomcat.
The only application that needs this functionality is "s2wweb".
Thanks,
Paolo
Il giorno mar 13 lug 2021 alle ore 14:44 Mark Thomas
<ma...@apache.org> ha scritto:
On 13/07/2021 12:29, Paolo Clerici wrote:
Hi Mark,
How did you set up the s2wweb virtual directory?
Physical Path: C:\Apache Software Foundation\virtual\test\s2wweb
Physical Path Credential: blank
Physical Path Credential Logon Type: Clear Text
Virtual Path: /s2wweb
Pass-through authentication: / Connect As: / Path credentials:
Application user (pass-through authentication)
I don't see any ISAPI redirector set up there. I was expecting to see
something like the steps described here:
http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
Mark
Thanks,
Paolo
Il giorno mar 13 lug 2021 alle ore 10:27 Mark Thomas
<ma...@apache.org> ha scritto:
On 13/07/2021 08:49, Paolo Clerici wrote:
Hi Mark,
Are you connecting from a machine that isn't part of the Windows AD?
I have tried both from PCs connected to AD and from PCs not connected to AD.
Normally, I'd expect authentication to work without any password prompt.
If I connect from PC AD I am not asked for credentials (correct). If I
connect from a non-AD PC I am prompted for credentials (correctly).
The credential check is done correctly by IIS.
Are any other authentication mechanisms enabled?
For virtual directory "s2wweb" only "Windows Authentication" is
enabled ("Anonymous Authentication" is disabled). For site "test" is
enabled "Anonymous Authentication".
Are your two test machines (working and not working) connecting to the
same Tomcat instance (and on the same port)?
Yes.
Current IIS server needs to be migrated to a new IIS server. The
current server (Windows Server 2008 R2 with IIS 6.1) is connected to
the same Tomcat server (another Windows Server 2008 R2 with Tomcat
7.0) on the same port (8009).
Again, testing a similar setup locally works as expected. The
authenticated Windows user name is passed to Tomcat.
How did you set up the s2wweb virtual directory?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
