Desired State: When users access secure J2EE apps via IIS 6.0 on port 80, they are challenged, authenticated, authorized and presented with pages from a secure application being served by Tomcat 5.5.15 server on port 8080 even though it appears they are still on port 80.
Problems: Users are challenged by the browser to enter their credentials, but cannot login when entering valid credentials. * If we access the J2EE app via port 80 through IIS with security, we cannot access the J2EE app, users receive a 401 error message from Tomcat. * If we access the J2EE app directly on port 8080 with security, the user may login without a problem and access the J2EE app. * If the J2EE app doesn't have security setup in the web.xml file, the redirect from IIS to Tomcat works just fine. * If the J2EE app has security setup in the web.xml then the redirect does not work and the user cannot log into the J2EE app. * There are no ACLs setup in IIS * IIS logs the 401 errors, but there are no errors in any of the Tomcat logs even when we bump up the logging in Tomcat to "trace" Systems in use: * Tomcat 5.5.15 (running on port 8080) * IIS 6.0 using Integrated Windows Authentication, (running on port 80) * isapi_redirect.dll version 1.2.22.0 * Active Directory 2003 R1 Suspicions: Possibly the redirection of the user with the isapi_redirect.dll is the issue. Credentials are not handed off from IIS to Tomcat. Thanks for any help you can provide. - Brian. This e-mail, including any attachments, may contain highly sensitive and confidential information. It is intended only for the individual(s) named. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.