David,

On 7/14/2011 10:35 AM, David kerber wrote:
> On 7/14/2011 10:20 AM, Pid wrote:
>> On 14/07/2011 15:04, David kerber wrote:
>>> 
>>> I'm not "forwarding" at all.  The call to tomcat from the IIS
>>> page is just the "action" parameter of the form.  The only
>>> connector is the standard http 1.1 connector.
>> 
>> If their username & password really is configured in IIS, were you
>> hoping that Tomcat would magically interface with that?   :s
> 
> No, I was just hoping that some request header or parameter with the 
> user name would be carried over when the call was made to the
> servlet, but it's not doing so.  I don't need to fully authenticate
> them again, but do need their user ID.

So, you authenticate with IIS and then make requests directly to Tomcat
(no IIS involved), and you want the authentication information to get to
Tomcat?

That's not going to happen unless you are using HTTP Auth and the
original request path (to IIS) is a prefix of the URL used to access
Tomcat (and the WWW-Authenticate header is sent with all requests).

One option is to have IIS proxy the requests to Tomcat, and then you can
get the ISAPI redirector to send over that authentication information
for you.

>> Tomcat 7 has SPNEGO support, which might enable cross-server SSO,
>> but I'm speculating there.
> 
> I'll see if that might help; I've never heard of it.

I have no idea what SPNEGO is, either, but I think it allows Java to
authenticate against the Microsoft Windows world. You aren't collecting
credentials (from my reading of your posts), so that's not going to be
terribly useful to you.

Just remember: never trust any information you get from the client.
Remember the recent "credit card URL" hack. :)

-chris
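
The IIS-proxy option from the message above, as an added example (not code from this thread or from the Tomcat project): a servlet that takes the user ID from the container rather than from anything the form submits. It assumes IIS authenticates the user and the ISAPI redirector forwards over AJP to a connector with `tomcatAuthentication="false"`; the servlet name and the `userId` form field are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/*
 * Assumed setup (not from the thread): IIS authenticates the user and the
 * ISAPI redirector forwards the request over AJP to a connector such as
 *   <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
 *              tomcatAuthentication="false" />
 * With tomcatAuthentication="false" Tomcat takes the user from the front-end
 * server; binding to 127.0.0.1 keeps clients from speaking AJP directly.
 */
public class WhoAmIServlet extends HttpServlet {

    /** Strip the "DOMAIN\" prefix that Windows authentication usually adds. */
    static String accountName(String remoteUser) {
        int slash = remoteUser.lastIndexOf('\\');
        return slash >= 0 ? remoteUser.substring(slash + 1) : remoteUser;
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Identity as asserted by the container, never by the form.
        String remoteUser = req.getRemoteUser();
        if (remoteUser == null || remoteUser.isEmpty()) {
            // Request did not arrive through the authenticated front end.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authenticated");
            return;
        }
        String user = accountName(remoteUser);

        // The hypothetical "userId" form field is untrusted input: it is only
        // compared against the authenticated name, and a mismatch is logged.
        String claimed = req.getParameter("userId");
        if (claimed != null && !claimed.equalsIgnoreCase(user)) {
            log("userId mismatch: claimed=" + claimed.replaceAll("[\\r\\n]", "_")
                    + " authenticated=" + user);
        }

        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Authenticated user: " + user);
    }
}
```

If the form posts straight to Tomcat's HTTP connector instead of going through IIS, `getRemoteUser()` returns null and the servlet answers 403 instead of accepting a client-supplied name.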
