Chris,

On 2024/09/30 14:33:53 Christopher Schultz wrote:
> Michael,
> 
> On 9/28/24 13:34, Michael Osipov wrote:
> > On 2024/09/27 15:14:15 Christopher Schultz wrote:
> >> Sebastian,
> >>
> >> On 9/27/24 11:04, Sebastian Trost wrote:
> >>> Francesco,
> >>>
> >>> On 26.09.2024 16:12, Francesco Viscomi wrote:
> >>>> Hi all,
> >>>> I'm not able to understand why I cannot access
> >>>>    http://localhost:8080/manager/html
> >>>>
> >>>> I've configured the user in tomcat.users.xml:
> >>>>
> >>>> <role rolename="manager-gui"/>
> >>>> <user username="admin" password="admin" roles="manager-gui"/>
> >>>>
> >>>> I'm using tomcat 9; and jdk17;
> >>>>
> >>>> I've also noted that in my personal pc when I try to access manager/html a
> >>>> pop-up asks me to log in (in my personal pc it works right)
> >>>>
> >>>> While when I try to use it in the company pc it gives me 401
> >>>> unauthorized;
> >>>> I do not know what I have to modify on chrome to get access in manager
> >>>> app,
> >>>> I also use in the company pc Zscaler, but I do not know what I have to
> >>>> change in it (eventually) in order to access the manager app.
> >>> Your corporate browser probably has basic authentication disabled. Check
> >>> this site: https://jigsaw.w3.org/HTTP/Basic
> >>> If there is no basic authentication popup where you can enter username/
> >>> password then this is probably the case.
> >>>
> >>> See: https://answers.microsoft.com/en-us/microsoftedge/forum/all/latest-version-of-edge-no-longer-shows-basic/3601252b-e56b-46c0-a088-0f6084eabe47
> >>
> >> I've really had it with Microsoft deciding that HTTP Basic
> >> authentication is just not okay. They seem to have forgotten that TLS
> >> makes it secure.
> > 
> > The reasoning is never to share a long term secret: your password.
> 
> HTTP Digest also requires pre-shared passwords.

There is a subtle difference: the password is never transferred over the wire
and does not appear on the target server.

> >> HTTP Digest is a nightmare, but they are forcing users onto it.
> > 
> > The key is to use SPNEGO in enterprise environments.
> 
> What about non-enterprise environments?

IMHO, this is irrelevant for Microsoft. In enterprise you do have at least 
SPNEGO or even PKI. For non-enterprise I see only Basic as a viable option.

Michael
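
The Basic versus Digest difference discussed in this thread, as an added example that is not part of any message above: it builds both `Authorization` values for the same credentials and shows what each one exposes to whoever terminates TLS. The username, realm, password and nonce values are the sample values from the RFC 2617 section 3.5 example; the function names are made up for this illustration.

```python
import base64
import hashlib
import hmac

# Sample values from the RFC 2617 section 3.5 worked example (not from this thread).
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE, NC, CNONCE, URI = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b", "/dir/index.html"

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_header(user, password):
    # Basic: base64 is an encoding, so the header carries the password itself.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode("ascii")

def recover_from_basic(header):
    # What any TLS terminator, proxy or server-side log that sees the header can do.
    user, _, password = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return user, password

def digest_ha1(user, realm, password):
    # The only value a Digest server has to store; it is bound to one realm.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_fields(user, realm, password, method, uri, nonce, nc, cnonce):
    # Client side of RFC 2617 Digest with qop=auth and the MD5 algorithm.
    ha1 = digest_ha1(user, realm, password)
    ha2 = md5_hex(f"{method}:{uri}")
    response = md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return {"username": user, "realm": realm, "nonce": nonce, "uri": uri,
            "qop": "auth", "nc": nc, "cnonce": cnonce, "response": response}

def server_verify(stored_ha1, method, f):
    # Server side: recompute the response from the stored HA1, never from the password.
    ha2 = md5_hex(f"{method}:{f['uri']}")
    expected = md5_hex(f"{stored_ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:{f['qop']}:{ha2}")
    return hmac.compare_digest(expected, f["response"])

if __name__ == "__main__":
    print("Basic exposes:", recover_from_basic(basic_header(USER, PASSWORD)))
    fields = digest_fields(USER, REALM, PASSWORD, "GET", URI, NONCE, NC, CNONCE)
    print("Digest sends :", fields["response"])
    print("Verified     :", server_verify(digest_ha1(USER, REALM, PASSWORD), "GET", fields))
```
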
