On Mon, Jan 27, 2014 at 1:20 PM, André Warnier <a...@ice-sa.com> wrote:
> On this list, please do not top-post. Read the list rules.
> Reply below the question, it is easier for everyone to figure out what you
> are responding to. See below.
>
>>
>> On Mon, Jan 27, 2014 at 10:47 AM, Mark Thomas <ma...@apache.org> wrote:
>>>
>>> On 27/01/2014 09:43, Marco Pizzoli wrote:
>>>>
>>>> Hi all,
>>>> I'm fairly new to Tomcat and to this mailing list, so apologies in
>>>> advance if not being clear in explaining my problem.
>>>>
>>>> I'm tasked with the implementation of JAAS for a web application by
>>>> leveraging the existing LDAP server (MSAD) present at our company.
>>>
>>> Do you have to use JAAS? If you used the JNDI Realm you could take
>>> advantage of SPNEGO support.
>>>
> Marco Pizzoli wrote:
>> Hi Mark,
>> Thanks for your reply.
>>
>> Yes I expressly need JAAS. This is a requirement coming from the
>> provider of an external software vendor. It leverages "principals".
>>
>
> For info:
>
> Quite apart from which solution you are using, there are a number of reasons
> why a Windows-domain like authentication may not be working.
> - the workstation has to be in the domain (seems evident, but for example,
>   it will not work if the workstation accesses this server from the
>   Internet; in some VPN cases, it may also not work)
> - the Tomcat server itself has to be recognised as being a member of the
>   same Domain, or a trusted Domain
> - Windows on the workstation must consider the Tomcat server as at least a
>   "trusted" host
> - the browser used may also have restrictions as to what host it will even
>   attempt to do a WIA authentication with. (WIA = Windows Integrated
>   Authentication)
>
> In other words: even if the add-on modules server-side should work and even
> if your configuration server-side seems to be ok, there might be
> workstation-side reasons why this is not working, and you must make sure
> that these possible reasons are also eliminated. If the browser, for whatever
> reason, is not even trying a WIA, then the server side will not show any
> attempt to do the corresponding authentication.
> Which seems to be your case, as you describe it.
>

Hi Andre',
you're right. Sorry for having top-posted.

Coming to your answer, I never talked about WIA (Windows Integrated Authentication) but just LDAP.
I'm just interested in learning how to integrate Tomcat with LDAP by leveraging the JAAS framework. My MSAD is being used, in this context at least, as a pure LDAP directory.
I'm not interested in leveraging any workstation-side authentication (Kerberos/SPNEGO/etc.).

Thanks for having answered
Marco