Hi Team,

We are trying to implement SSO using Windows integrated authentication (NTLM)
on Apache Tomcat 8.0.22 through a reverse proxy in IIS.

We were able to pass the authentication token to Apache, but Apache is not
allowing the IIS authentication to pass through. It is not recognizing what
authentication is coming from the reverse proxy IIS server request.

[Authentication (NTLM) --> Reverse proxy --> pass the call with NTLM token
to Apache Tomcat]

For the "AJP/1.3" connection protocol there is an attribute "tomcatAuthentication"
which allows Apache to use the authentication user information from IIS.
But we didn't find anything similar for the "HTTP/1.1" connection protocol. Can
you please help?

Our application is hosted on an HTTP 1.1 connector using SSL. Please find the
server.xml details below:

    <Connector port="9012" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="9011" />

    <Connector port="9011" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               SSLVerifyClient="require" SSLEngine="on"
               SSLVerifyDepth="2"
               keystoreFile="D:\SWEAPP\applicationcontainer\siebelcerts\siebelkeystore.jks"
               keystorePass="abcd" keystoreType="JKS"
               truststoreFile="D:\SWEAPP\applicationcontainer\siebelcerts\siebeltruststore.jks"
               truststorePass="abcd" truststoreType="JKS"
               clientAuth="false" sslProtocol="TLS"/>

Many thanks for your help.
Regards,
Suraj