This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Single sign on issue with Tomcat and Apache Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Single sign on issue with Tomcat and Apache" Watch "Single sign on issue with Tomcat and Apache" New topic
Author

Single sign on issue with Tomcat and Apache

Sridhar Gudipalli
Ranch Hand

Joined: Nov 02, 2005
Posts: 120
Hi,
I am integrating two websites using single sign on. I have two sites namely aaa.com and bbb.com.

When a user navigates from aaa.com, as he is already authenticated in it, he should be allowed to bbb.com without asking the credentials again. This is my requirement.

aaa.com is based on Tomcat Form based authentication and working fine.

bbb.com's static data is deployed on apache and it requires apache BASIC authentication (htttd, and .htaccess). And dynamic data is deployed on Tomcat and based on Tomcat BASIC authentication.

If I access static data of bbb.com, it first asks for credentials (Using a popup), authenticates using mod_auth_mysql, and once the user is authenticated, it is storing credentials in browser cache. When I navigate to dynamic content which is in tomcat, still its working without asking credentials twice. (I ensured that <realm-name> in web.xml and AuthName in .htaccess file are same).

I enabled SingleSignOn valve in server.xml file, and trying to access bbb.com from aaa.com. When I try to access dynamic data of bbb.com from aaa.com, as both are based on Tomcat security, they are sharing the browser cached credentials. (Though one is based on form and another is based on basic authentication model). But, when I try to access bbb.com's static data (which is in apache) from aaa.com, again its asking credentials, using a popup.

bbb.com is an old project which was developed around 9 yrs ago and I am not allowed to modify/reengineer the architecture.

Could any one please guide me in right direction. I appreciate your help.

Thanks,
Sridhar


Sridhar Gudipalli|SCJP 6.0
SCWCD objectives
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

"Sridhar Mnj",
Please check your private messages regarding an important administrative matter.
-Ben


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Single sign on issue with Tomcat and Apache
 
Similar Threads
Using default JAAS Mechanism in Websphere makes applications to access the context path of the other
apache-tomcat-6.0.16 - mod_auth_kerb
Login Window in Html page Apache style
Possible Cookie Creation Problem on Tomcat 6
Authentication using Sun Access Manager 7 and webmethods portal