
Tomcat / SSO / Kerberos

 
Alim Sidi
Greenhorn
Posts: 1
Hi All,

I have an embedded Tomcat running on a web application and I want to implement an SSO login for it.
It should work as follows:
The users in an intranet (where Kerberos is in use) can access this webApp without re-entering their credentials after they have authenticated themselves against Kerberos.
I had a suggestion in order to get it done, which looks like the following handshake:

1- User enters the URL in a browser to access the App.
2- In Kerberos over HTTP it is common to use the SPNEGO protocol (is that correct?).
After this request the server sends back the following header:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
3- If the browser can understand SPNEGO (which most do), it sends back the following header:
Authorization: Negotiate a87421000492aa874209af8bc028
4- Possibly the server sends a token confirmation back.

* Must Tomcat be involved in this scenario somewhere?
* Can I get this done without passing through Tomcat?
* Where should the authentication in the webApp be implemented (valve or normal servlet in the webApp)?
* Does anybody have an idea to make this better or simpler, or is it OK?
* Some code examples would be very helpful.

Any kind of help is highly regarded.

Thanks
 
Ben Souther
Sheriff
Posts: 13411
 
I agree. Here's the link: http://aspose.com/file-tools