Re: SingleSignOn Valve Not Challenging

2007-05-10 Thread David Delbecq
Or, like us, use an old "bugged" tomcat version that allowed, on * role "all authenticated users" instead of "all user having a role enumerated in web.xml". Those old tomcat version break servlet specs but are handy if you are not too regardant to specifications :) Or use your own realm that add a

Re: SingleSignOn Valve Not Challenging

2007-05-10 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel, Daniel Curran wrote: > Is there a way to authenticate the user without requiring a specific role? As has been previously stated, the * in your deployment descriptor will work; you just have to make sure that you have define all possible role

RE: SingleSignOn Valve Not Challenging

2007-05-10 Thread Caldarale, Charles R
> From: Daniel Curran [mailto:[EMAIL PROTECTED] > Subject: Re: SingleSignOn Valve Not Challenging > > The role has to be in LDAP as well as enumerated in a > security-role list? Yes. The source of the role associated with the principal is completely independent of the autho

Re: SingleSignOn Valve Not Challenging

2007-05-10 Thread Daniel Curran
: Daniel Curran [mailto:[EMAIL PROTECTED] Subject: Re: SingleSignOn Valve Not Challenging I have added an auth constraint * To quote from the servlet spec: 'The special role name "*" is a shorthand for all role names defined in the deployment descriptor.' You sti

Re: SingleSignOn Valve Not Challenging

2007-05-10 Thread Filip Hanik - Dev Lists
h tomcat's security setup, but I am not sure where to look or how to debug this as no logs are being generated that would show me what/where the error might be. Thanks, Dan Caldarale, Charles R wrote: From: Daniel Curran [mailto:[EMAIL PROTECTED] Subject: SingleSignOn Valve

RE: SingleSignOn Valve Not Challenging

2007-05-10 Thread Caldarale, Charles R
> From: Daniel Curran [mailto:[EMAIL PROTECTED] > Subject: Re: SingleSignOn Valve Not Challenging > > I have added an auth constraint > > > * > To quote from the servlet spec: 'The special role name "*" is a shorthand for all role names defined in

Re: SingleSignOn Valve Not Challenging

2007-05-10 Thread Daniel Curran
ECTED] Subject: SingleSignOn Valve Not Challenging Example Security Constraint Protected Area /* BASIC Single Sign-on Example You're missing within and within . - Chuck THIS COMMUNICATION M

RE: SingleSignOn Valve Not Challenging

2007-05-09 Thread Caldarale, Charles R
> From: Daniel Curran [mailto:[EMAIL PROTECTED] > Subject: SingleSignOn Valve Not Challenging > > > Example Security Constraint > > Protected Area > /* > > > > BASIC > Single

SingleSignOn Valve Not Challenging

2007-05-09 Thread Daniel Curran
I am attempting to get the SingleSignOn valve to challenge requests to my web application. I have a basic LDAP setup and would like the validation to be routed to the LDAP. The engine portion of server.xml is as follows: debug="99" connectionName="