On 1:59 PM, chris derham wrote:
But for _transparent_ authentication IIS is required as Christopher
mentioned.
That is not true. You can use SPNEGO to setup transparent authentication
directly to tomcat. You do not need IIS. This means that a browser accesses
a protected url on the server, and the server and browser "discuss" who the
user is, and then the application is presented with that information. This
discussion is transparent and involves no user interaction. This can be
done by default in IE and I believe chrome, but firefox is more secure so
needs to have explicitly have this authentication security enabled - by
default it is turned off to stop hackers falsely requesting the details
from a malicious server
HTH
Chris
You might also consider using Waffle:
http://waffle.codeplex.com/
which does not require IIS and supports NTLM and Kerberos. I've used it
as a valve with Tomcat and believe it is also available as a filter.
Both Internet Explorer and Firefox have settings to enable or disable
automatic login.
A brief mention is made in the Tomcat docs:
http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html
-Terence Bandoian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
