I am curious whether you're using IIS for anything other than single sign-on / authentication?
If you're not, check out http://waffle.codeplex.com - there's a new Negotiate (Kerberos + NTLM) authenticator. This could remove IIS from your entire picture. dB. @ dblock.org Moscow|Geneva|Seattle|New York -----Original Message----- From: Savoy, Melinda [mailto:melindasa...@texashealth.org] Sent: Monday, May 24, 2010 7:03 PM To: Tomcat Users List; Tomcat Users List Subject: RE: Question on workers.properties file Andre, Sorry for creating confusion on the other post. I will stick with this post as well. I made changes to the setting here: I think the problem is right there, and in the worker mappings you mentioned earlier : >> /examples/*=scmisWorker >> /examples/*.jsp=scmisWorker >> /examples/servlet/*=scmisWorker to /*=scmisWorker /*.jsp=scmisWorker /servlet/*=scmisWorker That is why in the log that I had sent stated it as such. I have looked on the Apache Tomcat website to find documentation on the setup of IIS with Tomcat. I made the change above because I had forgotten to change it from the example that I found in the documentation, again my apologies for that. Given the settings that I identified in IIS I can not get authenticated. That is why I think it is an authentication issue. I have gone back and checked each setting but cannot find a problem. That is why I sent my setting so that perhaps someone on this list might see something that I have overlooked. I'll keep trying. Thanks. ________________________________________ From: André Warnier [...@ice-sa.com] Sent: Monday, May 24, 2010 15:49 To: Tomcat Users List Subject: Re: Question on workers.properties file Savoy, Melinda wrote: > Andre, > > Thanks for the reply. I was finally able to get my the LOG file created. I > had NOT setup my virtual website, SCMIS, in addition to the JAKARTA virtual > website in IIS and consequently I kept using Tomcat to authenticate instead > of using IIS to do so and it was never hitting my website > > I think it has something to do with the settings in my IIS setting. I still > cannot get the value from getRemoteUser() because the user is blank as is > indicated in the log below. ANY help/direction would be greatly appreciated. > > The URL that I am using to access my SCMIS virtual website is: > http://localhost/SCMIS/index.jsp > > In IIS I have the following: > > Default Web Site - Anonymous access checked and Integrated Windows > authentication unchecked > Jakarta - virtual web site and Anonymous access checked and Integrated > Windows authentication unchecked > SCMIS - virtual web site and Anonymous access unchecked and Integrated > Windows authentication checked > > I have attached the entries in the log file that just happened: I think the problem is right there, and in the worker mappings you mentioned earlier : >> /examples/*=scmisWorker >> /examples/*.jsp=scmisWorker >> /examples/servlet/*=scmisWorker Now in your logfile, you have : [Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/servlet/*=scmisWorker' source 'uriworkermap' [Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c (850): Attempting to map context URI '/*.jsp=scmisWorker' source 'uriworkermap' [Mon May 24 10:10:02.781 2010] [8124:7912] [debug] jk_uri_worker_map.c (863): Found a wildchar match '/*.jsp=scmisWorker' Assuming the mappings above, then why is it trying to match '/servlet/*=scmisWorker' and '/*.jsp=scmisWorker' ? That does not fit. Those mappings are not in your list above. Again, I am no expert on IIS or on the Jk redirector in conjunction with it, but my little finger tells me that there is something very wrong somewhere. I have the feeling that your problem is not really related to authentication (or the lack of it). It is that there is some confusion as to the proper setup of IIS and Tomcat together, and how IIS handles "virtual websites". Maybe we should restart from the beginning, like here : When you look at the ...\Tomcat 6.0\webapps directory, what are the sub-directories located just below it ? And , just to gain time, out of these, which is the one that corresponds to the application which /should/ be authenticated ? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law. If you are not the intended recipient, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.819 / Virus Database: 271.1.1/2894 - Release Date: 05/24/10 14:26:00 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
