hi ! i'm working on single sign on, i've already solved the problem of having a single login/password pair for every webapp, but now the next step is to make clients (in this case internet explorer) to send user credentials automatically to the server. i've explored ms ntlm and kerberos but it stop working when i use a web server as a proxy that redirects user requests to the servlet container, i need to do this to acheiving session fail over and load balancing. does anyone knowns a better alternative for achieving this results? thanks for your help !
I'm not sure, but I thought you could have Tomcat sessions saved to an external database to accomplish this same thing. It might be worth looking into; it could save you a lot of coding...
Mensa member, Certified bartender, Created the Internet (along with Al Gore), Speak 9 languages fluently (this includes pig latin), Spelling Bee Winner, 8th Grade Math Award, Can hold breath under water for more than 2 minutes
Joined: Oct 03, 2003
you mean having tomcat sessions on external DB to for session failover? thats a posibility but i need the web server in front so the final user see only one server for everything he do
Joined: Oct 15, 2003
Having the sessions stored externally should provide both persistent sessions AND load balancing capabilities. Is there another requirement besides those two? I say "should" because I've not actually tried it. Here's a brief article: JDBCStore for Persistent Sessions
One nice solution to the Single Sign On problem is Yale University's Central Authentication Service. Source code available from their site; consists of a central authentication server and several options for client (JSP taglib, filters, Apache module, etc.) Central Authnetication Service Doesn't address some of the other load balancing issues in this thread, but is my favorite single-sign-on solution.