Savoy, Melinda wrote:
Ranier,
I do not want the user to get prompted at all. I need this to work as a single
sign-on (seamless to the user). Is that not possible? I had tested where when
I got the prompt then I got the Domain\User name but I am needing to avoid the
login dialog box altogether.
Rainer got prompted because he did this test on a "loose" XP
workstation, and he was not yet logged into any domain.
If the workstation is part of a Windows domain, and the user already
logged into the domain, there will be no extra prompt.
What Rainer did, was confirm that when conditions are right for IIS to
authenticate, and the setup is right for this authentication to be
passed to Tomcat, it is, and the gerRemoteUser() returns the logged-in id.
The issue you have, is in the basic setup of how some URLs are or are
not passed to the "right" Tomcat worker. I believe you have one
"virtual website" or whatever IIS calls it, too many, and that the URLs
that are of interest here are not being passed through the channel you
think, and therefore either IIS does not authenticate these SCIMIS URLs
(and consequently does not pass this authentication to Tomcat).
Can you tell us precisely :
- which URLs should be authenticated (give some examples)
- which sub-directories are present under the (tomcat-dir)/webapps
directory (where (tomcat-dir) is the top of your Tomcat installation.
Then we might be able to work out how the virtual websites and
redirector should be configured to make this all work as it should.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
