On 14/07/2011 15:04, David kerber wrote: > On 7/14/2011 9:50 AM, André Warnier wrote: >> David kerber wrote: >>> I have a situation where my users will be logging into their pages on >>> an IIS 5 web server, which authenticates them with their user ID and >>> password as configured in IIS. This works fine. >>> >>> Now I need to add some new functionality to the web site that will be >>> using my tomcat webapp, and I don't want them to have to authenticate >>> again in my app, so I'm trying to figure out how to pass the user ID >>> from the web page on IIS, to my webapp. I thought >>> request.getRemoteUser() would do it, but that's returning null, rather >>> than the loggged-in user ID. >>> >> You need to specify what you use to forward requests from IIS to Tomcat. >> If you are using Isapi_Redirect, then set the attribute >> "tomcatAuthentication" to false in the Tomcat AJP <Connector> (in >> server.xml). > > I'm not "forwarding" at all. The call to tomcat from the IIS page is > just the "action" parameter of the form. The only connector is the > standard http 1.1 connector.
If their username & password really is configured in IIS, were you hoping that Tomcat would magically interface with that? :s Tomcat 7 has SPNEGO support, which might enable cross-server SSO, but I'm speculating there. p
signature.asc
Description: OpenPGP digital signature