Tomcat / SSO / Kerberos

Alim Sidi
Greenhorn

Joined: Jun 09, 2008
Posts: 1
Hi All,

I have an embedded Tomcat running on a web application and I want to implement an SSO login for it.
It should work as follows:
Users in an intranet (where Kerberos is in use) can access this web app without re-entering their credentials after they have authenticated themselves against Kerberos.
I had a suggestion for how to get it done, which looks like the following handshake:

1- User enters the URL in a browser to access the app.
2- In Kerberos over HTTP it is common to use the SPNEGO protocol (is that correct?).
The server sends back the following header after this request:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
3- If the browser understands SPNEGO (which most do), it sends back the following header:
Authorization: Negotiate a87421000492aa874209af8bc028
4- Possibly the server sends a token confirmation back.

* Must Tomcat be involved in this scenario somewhere?
* Can I get this done without passing through Tomcat?
* Where should the authentication in the web app be implemented (valve or normal servlet in the web app)?
* Does anybody have an idea how to do this better or simpler, or is it OK?
* Some code examples would be very helpful.

Any kind of help is highly regarded.

Thanks
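
The server side of the handshake described in the post above, sketched as a servlet filter using the JDK's JGSS API. This is an added example, not part of the original post and not Tomcat's own code. It assumes the servlet API is on the classpath, that the JVM can obtain acceptor credentials for the service principal (for example a JAAS keytab login with `-Djavax.security.auth.useSubjectCredsOnly=false`), and the names `SpnegoFilter` and `spnego.user` are hypothetical.

```java
import java.io.IOException;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;
import org.ietf.jgss.*;

// Hypothetical filter: answers step 2 with a 401 challenge, validates the step 3 token.
public class SpnegoFilter implements Filter {
    private static final String SCHEME = "Negotiate ";
    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String auth = req.getHeader("Authorization");
        if (auth == null || !auth.startsWith(SCHEME)) {
            challenge(res);                       // step 2: 401 + WWW-Authenticate: Negotiate
            return;
        }
        try {
            byte[] in = Base64.getDecoder().decode(auth.substring(SCHEME.length()).trim());
            GSSManager mgr = GSSManager.getInstance();
            // SPNEGO mechanism OID; a real deployment would create the credential once and reuse it.
            GSSCredential cred = mgr.createCredential(null, GSSCredential.DEFAULT_LIFETIME,
                    new Oid("1.3.6.1.5.5.2"), GSSCredential.ACCEPT_ONLY);
            GSSContext ctx = mgr.createContext(cred);
            try {
                byte[] out = ctx.acceptSecContext(in, 0, in.length);
                // This sketch accepts single-leg exchanges only; anything unfinished is rejected.
                if (!ctx.isEstablished()) { challenge(res); return; }
                if (out != null && out.length > 0)    // step 4: confirmation token for the client
                    res.setHeader("WWW-Authenticate", SCHEME + Base64.getEncoder().encodeToString(out));
                // Trust the identity only after the context is established (user@REALM).
                req.setAttribute("spnego.user", ctx.getSrcName().toString());
            } finally {
                ctx.dispose();
            }
            chain.doFilter(req, res);
        } catch (GSSException | IllegalArgumentException e) {
            challenge(res);   // bad base64, NTLM fallback token, expired or forged ticket
        }
    }

    private static void challenge(HttpServletResponse res) {
        res.setHeader("WWW-Authenticate", "Negotiate");
        res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
```

The application should read the user name only from the attribute set after `isEstablished()` returns true, never from a client-supplied header or parameter.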
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

"Alim Alim",
Please check your private messages.
-Ben

