Tomcat / SSO / Kerberos

Alim Sidi
Greenhorn

Joined: Jun 09, 2008
Posts: 1
Hi All,

I have an embedded Tomcat running on a web application and I want to implement an SSO login for it.
It should work as follows:
A user in an intranet (where Kerberos is in use) can access this web app without re-entering their credentials after they have authenticated themselves against Kerberos.
I had a suggestion for how to get it done, which looks like the following handshake:

1- The user enters the URL in a browser to access the app.
2- In Kerberos over HTTP it is common to use the SPNEGO protocol (is that correct?).
After this request the server sends back the following header:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
3- If the browser understands SPNEGO (most do), it sends back the following header:
Authorization: Negotiate a87421000492aa874209af8bc028
4- Possibly the server sends a token confirmation back.

* Must Tomcat be involved in this scenario somewhere?
* Can I get this done without passing through Tomcat?
* Where should the authentication in the web app be implemented (a valve or a normal servlet in the web app)?
* Does anybody have an idea to make this better or simpler, or is it OK?
* Some code examples would be very helpful.

Any kind of help is highly regarded.

Thanks
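
The handshake described in the post above, written as a servlet filter. This is an added example, not part of the original post or of Tomcat's own code; it assumes the `javax.servlet` API, Java 8 or later, and a JVM started with `-Djavax.security.auth.useSubjectCredsOnly=false` plus a JAAS `com.sun.security.jgss.accept` entry that loads the service's keytab. The class name `SpnegoFilter` and the request attribute `spnego.principal` are hypothetical.

```java
import java.io.IOException;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;
import org.ietf.jgss.*;

// Hypothetical filter: answers "401 + WWW-Authenticate: Negotiate", then validates the token.
public class SpnegoFilter implements Filter {
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2"; // SPNEGO mechanism OID

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String auth = req.getHeader("Authorization");
        String user = (auth != null && auth.startsWith("Negotiate "))
                ? accept(auth.substring("Negotiate ".length()).trim(), res) : null;
        if (user == null) {                       // step 2, or a failed step 3: challenge, fail closed
            if (!res.containsHeader("WWW-Authenticate")) res.setHeader("WWW-Authenticate", "Negotiate");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        req.setAttribute("spnego.principal", user); // user@REALM; authorization is still the app's job
        chain.doFilter(req, res);
    }

    // Returns the client principal if the context is established in one round, else null.
    private String accept(String b64, HttpServletResponse res) {
        GSSContext ctx = null;
        try {
            byte[] in = Base64.getDecoder().decode(b64);
            GSSManager mgr = GSSManager.getInstance();
            GSSCredential cred = mgr.createCredential(null, GSSCredential.DEFAULT_LIFETIME,
                    new Oid(SPNEGO_OID), GSSCredential.ACCEPT_ONLY);
            ctx = mgr.createContext(cred);
            byte[] out = ctx.acceptSecContext(in, 0, in.length);
            if (out != null && out.length > 0)    // step 4: confirmation token back to the browser
                res.setHeader("WWW-Authenticate", "Negotiate " + Base64.getEncoder().encodeToString(out));
            return ctx.isEstablished() ? ctx.getSrcName().toString() : null;
        } catch (GSSException | IllegalArgumentException e) {
            return null;                          // bad base64 or rejected ticket
        } finally {
            if (ctx != null) try { ctx.dispose(); } catch (GSSException ignored) { }
        }
    }
}
```

The filter treats a context that is not established after one token as a failure, which covers the usual Kerberos-over-SPNEGO case; a multi-round negotiation would need the `GSSContext` kept between requests. Serve it over TLS, since the Negotiate token authenticates the request but does not protect the rest of the HTTP exchange.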
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

"Alim Alim",
Please check your private messages.
-Ben

