It's not a secret anymore!
The moose likes Tomcat and the fly likes Single sign on issue with Tomcat and Apache Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Make it so: Java DB Connections & Transactions this week in the JDBC forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Single sign on issue with Tomcat and Apache" Watch "Single sign on issue with Tomcat and Apache" New topic

Single sign on issue with Tomcat and Apache

Sridhar Gudipalli
Ranch Hand

Joined: Nov 02, 2005
Posts: 120
I am integrating two websites using single sign on. I have two sites namely and

When a user navigates from, as he is already authenticated in it, he should be allowed to without asking the credentials again. This is my requirement. is based on Tomcat Form based authentication and working fine.'s static data is deployed on apache and it requires apache BASIC authentication (htttd, and .htaccess). And dynamic data is deployed on Tomcat and based on Tomcat BASIC authentication.

If I access static data of, it first asks for credentials (Using a popup), authenticates using mod_auth_mysql, and once the user is authenticated, it is storing credentials in browser cache. When I navigate to dynamic content which is in tomcat, still its working without asking credentials twice. (I ensured that <realm-name> in web.xml and AuthName in .htaccess file are same).

I enabled SingleSignOn valve in server.xml file, and trying to access from When I try to access dynamic data of from, as both are based on Tomcat security, they are sharing the browser cached credentials. (Though one is based on form and another is based on basic authentication model). But, when I try to access's static data (which is in apache) from, again its asking credentials, using a popup. is an old project which was developed around 9 yrs ago and I am not allowed to modify/reengineer the architecture.

Could any one please guide me in right direction. I appreciate your help.


Sridhar Gudipalli|SCJP 6.0
SCWCD objectives
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

"Sridhar Mnj",
Please check your private messages regarding an important administrative matter.

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
I agree. Here's the link:
subject: Single sign on issue with Tomcat and Apache
It's not a secret anymore!