RE: form based authentication

Jill Han Wed, 22 Apr 2009 12:41:47 -0700

Some corrections on the previous email.
I should say 
When singleSignOn is commented, those tasks can be achieved if basic 
authentication as 
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>TEST</realm-name> 
  </login-config>
 is used.


-----Original Message-----
From: Jill Han 
Sent: Wednesday, April 22, 2009 2:12 PM
To: 'Tomcat Users List'
Subject: RE: form based authentication

There is single <Host> in server.xml
<Engine name="Catalina" defaultHost="localhost">
      ...
        <Realm className="org.apache.catalina.realm.JNDIRealm"
              debug="99"
              connectionName="****"
              connectionPassword="****"
              connectionURL="ldap://url:389";
              alternateURL="ldap://url:389";
              userBase="DC=AC"
              userSearch="(sAMAccountName={0})"
              userRoleName="memberof"
              roleBase="DC=AC"
              roleName="cn"
              roleSearch="(uniqueMember={0})"
              userSubtree="true"
              roleSubtree="false"
      />
     ...
      <Host name="localhost" appBase="webapps"
       unpackWARs="true" autoDeploy="true"
       xmlValidation="false" xmlNamespaceAware="false">        
        
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" 
debug="0"/>
        
      </Host>
</Engine>
What I want to do is all the applications have the same realm config in 
server.xml. When it comes to the different 
Applications, the authentication will be performed based on application very 
own web.xml.
If the applications in the web.xml have the same <realm-name>, those 
applications just need to be authenticated once.
If the applications in the web.xml have different <realm-name>, those 
applications need to be authenticated separately.

Those tasks can be achieved if basic authentication as 
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>TEST</realm-name> 
  </login-config>
 is used.

-----Original Message-----
From: Caldarale, Charles R [mailto:[email protected]] 
Sent: Wednesday, April 22, 2009 12:12 PM
To: Tomcat Users List
Subject: RE: form based authentication

> From: Jill Han [mailto:[email protected]]
> Subject: RE: form based authentication
> 
> However, this makes authentication activated only once although the
> applications have different realms.

To quote from the SSO doc:

"All web applications configured for this virtual host must share the same 
Realm."

http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On

Can you separate the various <Realm>s by <Host>?  Or are you stuck with a 
single <Host>?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

RE: form based authentication

Reply via email to