I'll first admit that I've never used single sign-on, so most of this is educated conjecture on my part. Hopefully it'll spark some discussion in the right direction.

You're right -- JVM version is not going to make a difference with the issue you are seeing. Plus, upgrading the JVM may break the nine-year-old app -- an excellent case to be made to your client/boss for rewriting/upgrading the old app.

The real problem is how the single sign-on id is getting from aaa.com to bbb.com. Cookies won't work as the browser won't return a cookie for aaa.com to bbb.com. That's a security problem if it does. That leaves URL rewriting. Are you doing anything to make sure the URLs for bbb.com have the single sign-on id in the url? Seems like that's the only way for bbb.com to know it's getting a request from a previously authenticated user.

--David
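
The cookie-scope point and the URL hand-off suggested above, as an added example that is not part of the original thread or of any Tomcat/Apache code: it applies the RFC 6265 domain-match rule, then carries the identity to bbb.com in a signed, short-lived URL parameter. The shared key, the 60-second lifetime, the parameter names (`user`, `ts`, `sig`) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo key; in practice a secret known only to the two sites.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"
MAX_AGE_SECONDS = 60  # assumed lifetime of a hand-off URL


def cookie_domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain-match: the exact host, or a subdomain of the cookie's domain."""
    host = request_host.lower()
    domain = cookie_domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def _sign(user: str, issued_at: int) -> str:
    # issued_at is always an integer, so "user|ts" cannot be re-split ambiguously.
    msg = f"{user}|{issued_at}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def build_handoff_url(target: str, user: str, now: int) -> str:
    """aaa.com side: append a signed, timestamped identity to the bbb.com URL."""
    query = urlencode({"user": user, "ts": now, "sig": _sign(user, now)})
    return f"{target}?{query}"


def verify_handoff_url(url: str, now: int):
    """bbb.com side: return the user if the signature is valid and fresh, else None."""
    params = parse_qs(urlparse(url).query)
    try:
        user, ts, sig = params["user"][0], int(params["ts"][0]), params["sig"][0]
    except (KeyError, ValueError):
        return None  # a parameter is missing or the timestamp is not a number
    if not hmac.compare_digest(sig.encode(), _sign(user, ts).encode()):
        return None  # user or timestamp was altered, or the key is wrong
    if not 0 <= now - ts <= MAX_AGE_SECONDS:
        return None  # expired, or stamped in the future
    return user
```

A value carried in the URL can end up in access logs and Referer headers, which is why the example keeps it short-lived and has bbb.com verify it instead of trusting a bare id.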

sridharmnj wrote:
I hope you did not observe the following lines from my post.
bbb.com is an old project which was developed around 9 yrs ago and I am
not allowed to modify/reengineer the architecture.

It is successfully running on those versions in production and client does
not want to upgrade versions for time being. I don't think that the java
version is creating any problem. Do you think so???

My problem is not related to Java version upgrades and it's out of scope for
discussion here. I am sure Java version update alone does not solve the
issue.


Propes, Barry L wrote:
and you're stuck on Java 1.3.1 and cannot go forward?


-----Original Message-----
From: sridharmnj [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2008 4:17 PM
To: users@tomcat.apache.org
Subject: RE: Single sign on issue with Tomcat and Apache



Apache 2.0.50
Tomcat 5.0.27
Java 1.3.1


Propes, Barry L wrote:
what versions are you using? Of each?

-----Original Message-----
From: sridharmnj [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2008 3:52 PM
To: users@tomcat.apache.org
Subject: Single sign on issue with Tomcat and Apache



Hi,
I am integrating two websites using single sign on. I have two sites, namely aaa.com and bbb.com.

When a user navigates from aaa.com, as he is already authenticated in it, he should be allowed to bbb.com without asking the credentials again. This is my requirement.
aaa.com is based on Tomcat Form based authentication and working fine.

bbb.com's static data is deployed on apache and it requires apache BASIC authentication (htttd, and .htaccess). And dynamic data is deployed on Tomcat and based on Tomcat BASIC authentication.

If I access static data of bbb.com, it first asks for credentials (using a popup), authenticates using mod_auth_mysql, and once the user is authenticated, it is storing credentials in browser cache. When I navigate to dynamic content which is in tomcat, it's still working without asking credentials twice. (I ensured that <realm-name> in web.xml and AuthName in .htaccess file are same).
I enabled SingleSignOn valve in server.xml file, and am trying to access bbb.com from aaa.com. When I try to access dynamic data of bbb.com from aaa.com, as both are based on Tomcat security, they are sharing the browser cached credentials. (Though one is based on form and another is based on basic authentication model). But, when I try to access bbb.com's static data (which is in apache) from aaa.com, it's again asking credentials, using a popup.

bbb.com is an old project which was developed around 9 yrs ago and I am not allowed to modify/reengineer the architecture.
Could anyone please guide me in right direction. I appreciate your help.

Thanks,
Sridhar
--
View this message in context:
http://www.nabble.com/Single-sign-on-issue-with-Tomcat-and-Apache-tp17633391p17633391.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
View this message in context:
http://www.nabble.com/Single-sign-on-issue-with-Tomcat-and-Apache-tp17633391p17633917.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

