jQuery in Action, 3rd edition
The moose likes Tomcat and the fly likes Single sign on issue with Tomcat and Apache Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Single sign on issue with Tomcat and Apache" Watch "Single sign on issue with Tomcat and Apache" New topic

Single sign on issue with Tomcat and Apache

Sridhar Gudipalli
Ranch Hand

Joined: Nov 02, 2005
Posts: 120
I am integrating two websites using single sign on. I have two sites namely aaa.com and bbb.com.

When a user navigates from aaa.com, as he is already authenticated in it, he should be allowed to bbb.com without asking the credentials again. This is my requirement.

aaa.com is based on Tomcat Form based authentication and working fine.

bbb.com's static data is deployed on apache and it requires apache BASIC authentication (htttd, and .htaccess). And dynamic data is deployed on Tomcat and based on Tomcat BASIC authentication.

If I access static data of bbb.com, it first asks for credentials (Using a popup), authenticates using mod_auth_mysql, and once the user is authenticated, it is storing credentials in browser cache. When I navigate to dynamic content which is in tomcat, still its working without asking credentials twice. (I ensured that <realm-name> in web.xml and AuthName in .htaccess file are same).

I enabled SingleSignOn valve in server.xml file, and trying to access bbb.com from aaa.com. When I try to access dynamic data of bbb.com from aaa.com, as both are based on Tomcat security, they are sharing the browser cached credentials. (Though one is based on form and another is based on basic authentication model). But, when I try to access bbb.com's static data (which is in apache) from aaa.com, again its asking credentials, using a popup.

bbb.com is an old project which was developed around 9 yrs ago and I am not allowed to modify/reengineer the architecture.

Could any one please guide me in right direction. I appreciate your help.


Sridhar Gudipalli|SCJP 6.0
SCWCD objectives
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

"Sridhar Mnj",
Please check your private messages regarding an important administrative matter.

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
I agree. Here's the link: http://aspose.com/file-tools
subject: Single sign on issue with Tomcat and Apache
It's not a secret anymore!