Hello David, it seems there is much more going on than described in your first email.
Just some thoughts:
- Passing authentication from Apache to Tomcat must be configured within the connector. If you are using AJP, see https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html --> tomcatAuthentication
- According to the access log, you tried to access the root folder / where you got an access denied. But the application runs in the context /submitServer
- I would first test if authentication in Apache works before trying to connect Tomcat. This might narrow down the issue.
- If Apache auth works, I would write a dummy application which shows the request headers to verify whether the auth headers are transferred to Tomcat properly

Greetings,
Thomas

-----Original Message-----
From: David Lau <david....@uwaterloo.ca>
Sent: Friday, September 3, 2021 12:54
To: Thomas Hoffmann (Speed4Trade GmbH) <thomas.hoffm...@speed4trade.com.INVALID>; Tomcat Users List <users@tomcat.apache.org>
Subject: Re: 403 Error

Hi Thomas,

Thanks for the response. The application uses ADFS authentication, which should be happening through an Apache httpd server, with the application accessed at https://marmoset.eng.uwaterloo.ca. So is the indication here that the ADFS authentication is not working?

Thanks,
David Lau

________________________________
From: Thomas Hoffmann (Speed4Trade GmbH) <thomas.hoffm...@speed4trade.com.INVALID>
Sent: Friday, September 3, 2021 2:26 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: AW: 403 Error

Hello,

I'm at a loss on how to track down why I'm getting a 403 error.
My server.xml file and some logs follow:

server.xml

<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
               tomcatAuthentication="false"
               address="eng-eugo-mms0.private.uwaterloo.ca"
               secretRequired="false"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Context path="" docBase="submitServer" debug="0" reloadable="true"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>

localhost_access_log.2021-09-03.txt

10.40.120.133 - - [03/Sep/2021:03:13:34 +0000] "GET / HTTP/1.1" 403 627
10.40.120.133 - - [03/Sep/2021:03:13:34 +0000] "GET /favicon.ico HTTP/1.1" 403 627

catalina.out (last 10 lines)

<6>Starting service [Catalina]
<6>Starting Servlet engine: [Apache Tomcat/9.0.31 (Ubuntu)]
<6>At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
log4j:INFO Using URL [file:/usr/share/tomcat9/webapps/submitServer/WEB-INF/classes/log4j.properties] for automatic log4j configuration of repository named [default].
<6>Deploying web application archive [/usr/share/tomcat9/webapps/submitServer.war]
<6>At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
<6>Deployment of web application archive [/usr/share/tomcat9/webapps/submitServer.war] has finished in [870] ms
<6>Starting ProtocolHandler ["http-nio-8080"]
<6>Starting ProtocolHandler ["ajp-nio-172.18.15.61-8009"]
<6>Server startup in [2,351] milliseconds

catalina.2021-09-03.log (last 10 lines)

03-Sep-2021 03:13:29.144 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [469] milliseconds
03-Sep-2021 03:13:29.195 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
03-Sep-2021 03:13:29.195 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.31 (Ubuntu)]
03-Sep-2021 03:13:30.500 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
03-Sep-2021 03:13:30.605 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/usr/share/tomcat9/webapps/submitServer.war]
03-Sep-2021 03:13:31.459 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
03-Sep-2021 03:13:31.476 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/share/tomcat9/webapps/submitServer.war] has finished in [870] ms
03-Sep-2021 03:13:31.482 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
03-Sep-2021 03:13:31.489 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-172.18.15.61-8009"]
03-Sep-2021 03:13:31.495 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [2,351] milliseconds

localhost.2021-09-03.log (last 5 lines)

03-Sep-2021 03:13:31.473 FINE [main] org.apache.catalina.core.StandardContext.filterStart Starting filter 'QueryTestOutcomesFilter'
03-Sep-2021 03:13:31.473 FINE [main] org.apache.catalina.core.StandardContext.filterStart Starting filter 'ServletExceptionFilter'
03-Sep-2021 03:13:31.474 FINE [main] org.apache.catalina.core.StandardContext.filterStart Starting filter 'BuildServerAuthenticationFilter'
03-Sep-2021 03:13:31.474 FINE [main] org.apache.catalina.core.StandardContext.filterStart Starting filter 'ProjectJarfileFilter'
03-Sep-2021 03:13:31.474 FINE [main] org.apache.catalina.core.StandardContext.filterStart Starting filter 'InstructorActionFilter'

Any assistance would be greatly appreciated.
Thanks,
David

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Hello David,

403 means access denied. You only showed the server.xml configuration.
Which authentication is needed is configured in the application, mostly in web.xml (if standard functions are used).
You deployed a web-application "submitServer.war", so the URL should look like http://localhost/submitServer/....
For accessing localhost/ you would need an application, deployed as ROOT.war

Greetings,
Thomas
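
The dummy application suggested in the most recent reply at the top of this thread could look like the servlet below. It is an added example, not code from any participant or from the submitServer application; the class name, the /whoami mapping and the list of redacted headers are assumptions, and it uses the javax.servlet API that Tomcat 9 provides.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Diagnostic servlet: shows what identity and headers Tomcat received.
// Class name and URL mapping are hypothetical.
@WebServlet("/whoami")
public class WhoAmIServlet extends HttpServlet {
    // Headers that carry credentials are listed by name only, never echoed.
    private static final Set<String> SENSITIVE = new HashSet<>(
            Arrays.asList("authorization", "proxy-authorization", "cookie"));

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // text/plain so header values are never interpreted as markup.
        resp.setContentType("text/plain;charset=UTF-8");
        resp.setHeader("Cache-Control", "no-store");
        PrintWriter out = resp.getWriter();
        // With AJP and tomcatAuthentication="false" the user authenticated
        // by httpd is propagated as the remote user, not as a header.
        out.println("remoteUser    = " + req.getRemoteUser());
        out.println("authType      = " + req.getAuthType());
        out.println("userPrincipal = " + req.getUserPrincipal());
        out.println("contextPath   = '" + req.getContextPath() + "'");
        out.println("requestURI    = " + req.getRequestURI());
        out.println("-- request headers --");
        for (String name : Collections.list(req.getHeaderNames())) {
            boolean hide = SENSITIVE.contains(name.toLowerCase(Locale.ROOT));
            for (String value : Collections.list(req.getHeaders(name))) {
                // Replace control characters so each value stays on one line.
                String shown = hide ? "[redacted]" : value.replaceAll("\\p{Cntrl}", "?");
                out.println(name + ": " + shown);
            }
        }
    }
}
```

A null remoteUser on a request that came through the httpd proxy means the identity established by Apache did not reach Tomcat. Remove the servlet once the check is done.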