Tomcat / SSO / Kerberos

Alim Sidi

Joined: Jun 09, 2008
Posts: 1
Hi All,

I have an embedded Tomcat running on a web application and I want to implement an SSO login for it.
It should work as follows:
Users in an intranet (where Kerberos is in use) can access this web app without re-entering their credentials after they have authenticated themselves against Kerberos.
I had a suggestion for getting it done, which looks like the following handshake:

1- The user enters the URL in a browser to access the app.
2- In Kerberos over HTTP it is common to use the SPNEGO protocol (is that correct?).
The server sends back the following header after this request:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
3- If the browser understands SPNEGO (which most do), it sends back the following header:
Authorization: Negotiate a87421000492aa874209af8bc028
4- Possibly the server sends a token confirmation back.

* Must Tomcat be involved in this scenario somewhere?
* Can I get this done without passing through Tomcat?
* Where should the authentication in the web app be implemented (valve or normal servlet in the web app)?
* Does anybody have an idea to make this better or simpler, or is it OK?
* Some code examples would be very helpful.

Any kind of help is highly appreciated.
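
The handshake in steps 1-4 above, written as a servlet filter on top of the JDK's JGSS API. This is an added example, not part of the original post and not Tomcat's own code. It assumes the javax.servlet API 3.1 or later and a JVM that can load the service's Kerberos key from a keytab; the class name and the session attribute name are hypothetical.

```java
import java.io.IOException;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;
import org.ietf.jgss.*;
// Assumption: the service key comes from a keytab via a JAAS "com.sun.security.jgss.accept"
// entry, with -Djavax.security.auth.useSubjectCredsOnly=false set on the JVM.
public class SpnegoFilter implements Filter {
    static final String USER_ATTR = "spnego.user"; // hypothetical session attribute name
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(USER_ATTR) != null) {
            chain.doFilter(rq, rs);          // already authenticated in this session
            return;
        }
        String auth = req.getHeader("Authorization");
        if (auth == null || !auth.startsWith("Negotiate ")) {
            challenge(res, null);            // step 2: ask the browser for a token
            return;
        }
        try {                                // step 3: validate the token the browser sent
            byte[] in = Base64.getDecoder().decode(auth.substring(10).trim());
            GSSManager mgr = GSSManager.getInstance();
            GSSCredential cred = mgr.createCredential(null, GSSCredential.DEFAULT_LIFETIME,
                    new Oid("1.3.6.1.5.5.2"), GSSCredential.ACCEPT_ONLY); // SPNEGO OID
            GSSContext ctx = mgr.createContext(cred);
            byte[] out = ctx.acceptSecContext(in, 0, in.length);
            String reply = out == null ? null : Base64.getEncoder().encodeToString(out);
            // Kerberos normally completes in one round trip; an unfinished context is re-challenged.
            String principal = ctx.isEstablished() ? ctx.getSrcName().toString() : null;
            ctx.dispose();
            if (principal == null) { challenge(res, reply); return; }
            if (reply != null) res.setHeader("WWW-Authenticate", "Negotiate " + reply); // step 4
            req.getSession(true);
            req.changeSessionId();           // new session id after login (session fixation)
            req.getSession().setAttribute(USER_ATTR, principal); // e.g. user@REALM
            chain.doFilter(rq, rs);
        } catch (GSSException | IllegalArgumentException e) {
            challenge(res, null);            // bad, expired or non-Kerberos (e.g. NTLM) token
        }
    }
    private static void challenge(HttpServletResponse res, String token) throws IOException {
        res.setHeader("WWW-Authenticate", token == null ? "Negotiate" : "Negotiate " + token);
        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
```

The filter only establishes who the caller is; what that principal may do in the web app still has to be decided separately.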

Ben Souther

Joined: Dec 11, 2004
Posts: 13410

"Alim Alim",
Please check your private messages.
