Hi Stephane,

> -----Original Message-----
> From: Stephane Passignat <passig...@hotmail.com>
> Sent: 13 March 2020 17:53
> To: Tomcat Users List <users@tomcat.apache.org>
> Actually I have Apache2 operating as proxy and authentication layer (HTTP
> Form and HTTP Basic), in front of several Tomcat instances and webapps.
> Apache pushes the userId to tomcat through AJP.
> On tomcat side, the webapp has a Basic login-module in web.xml.
>
> I'm quite satisfied with the result, authentication and authorization are
> out of the application scope. The deployment and maintenance of
> application is super easy. The sensitive maintenance of authentication
> is made by a dedicated team...
>
> I wish to improve that adding OpenId Authentication, keeping apache as
> authentication layer with an openid connector, but the one I saw
> doesn't seem to be used a lot and is not available as precompiled for
> my os...
> I'm looking also at moving authentication at tomcat level with an
> openid Realm. It's not ideal because of the large number of
> applications and servers to impact and network configuration to change,
> ...
>
> Does someone have experience in this architecture? Do you have some
> recommendation for Apache Module or Tomcat Realm to use?

We implement a server extension (with help of nimbusd-library on top of jaspic), that works on tomcat9 (and all other java-ee application servers).

See here ==> https://connect2id.com/products/nimbus-oauth-openid-connect-sdk

Unfortunately it is not open source, yet.

--
Mit freundlichen Grüßen / Kind Regards / नमस्ते (Namaste)

Bernd Schatz
ITT/FT - Java Free and Open Source Software (JFoSS)
HPC Z252
Gebäude VDZ Ost 1.OG
Plieninger Str. 150
70567 Stuttgart

Office: +49 711 17 41463
Mobile: +49 151 5862 6591
FAX: +49 711 17 7904 1252
mailto:bernd.sch...@daimler.com
https://git.daimler.com/jfoss
https://matter.i.daimler.com
https://matter.i.daimler.com/daimler-ag/channels/jfoss