Alim Sidi

Recent posts by Alim Sidi

Hi All,

I have an embedded Tomcat running in a web application and I want to implement an SSO login for it.
It should work as follows:
A user in an intranet (where Kerberos is in use) can access this web app without re-entering their credentials after they have authenticated themselves against Kerberos.
I had a suggestion for getting it done, which looks like the following handshake:

1- The user enters the URL in a browser to access the app.
2- In Kerberos over HTTP it is common to use the SPNEGO protocol (is that correct?).
The server sends back the following header after this request:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
3- If the browser can understand SPNEGO (which most do), it sends back the following header:
Authorization: Negotiate a87421000492aa874209af8bc028
4- Possibly the server sends a token confirmation back.

* Must Tomcat be involved in this scenario somewhere?
* Can I get this done without passing through Tomcat?
* Where should the authentication in the web app be implemented (a valve or a normal servlet in the web app)?
* Does anybody have an idea how to do this better or more simply, or is it OK?
* Some code examples would be very helpful.

Any kind of help is highly regarded.

Thanks
15 years ago