Seema Patel wrote:
Hi,
We are using Apache Tomcat 5.5, JDK 1.5 and have a internal portal on our
intranet which is written in java jsp struts and jsp.
I know that the tomcat and Java versions are old, but upgrading isn't a quick
thing to do without lots of testing.
The issue we have is that the users keep getting the authentication box popping
up asking for username and password when using the portal in Internet Explorer.
One of the users has noticed that when they use Chrome, they don't seem to get this popup constantly. Authentication is against the Active Directory using JCIFS (I know it's discontinued, but to re-write and test is not feasible at the moment). The users are meant to be using Internet Explorer as not everything works in Chrome.
We have been trying to work out this issue for some time, with no success. The
user saying that it works in Chrome makes us wonder if there's something within
Internet Explorer that is possibly dropping the connection or something for it
to keep asking the user for username and password. Or is there something that
Internet Explorer doesn't like with Apache Tomcat?
Any help/guidance on this issue is greatly appreciated.
Hi.
Tomcat 5.5 is old.
The JCIFS http/NTLM authentication filter is old and deprecated and does not work anymore
in any recent Windows Domain setup, because it only works with NTLM v1.
Please read the first paragraph in blue here :
http://jcifs.samba.org/src/docs/ntlmhttpauth.html
and *believe what it says, it is true*.
(Look at Jespa @ www.ioplex.com for a painless replacement)
(look at a more recent version of Tomcat and the SPNEGO authentication valve for another
possible replacement)
A login dialog that pops up in the browser when it should not, indicates one thing for
sure : /something/ is not working in the WIA (Windows Integrated Authentication).
But what that something is in your case, is impossible to say from outside of
your network.
It is almost certainly not a browser problem.
It may be things like :
- some of the clients are running newer versions of Windows and/or browsers which will not
accept NTLMv1 authentication anymore
- in your network, there are multiple Domain Controllers, some of which younger than
others. Some still accept to do NTLMv1 authentication, some do not. As your clients get
one or the other (quasi randomly) it sometimes works, and sometimes not.
- and a large number of possible other reasons
The one certainty is : you are using obsolete software and solutions, and nobody will be
able to give you any miracle solution for that. The sooner you accept that, the less
time you will lose in the end.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
