That is definitely the preferred method and the reason for going to the Tomcat Connector for this authentication process. However, even with the most simple implementation of my index.jsp and web.xml file I cannot get the getRemoteUser() to work.
I am hoping that Ranier is able to look at the log that I sent a few minutes ago and perhaps from there be able to determine where I've messed up in the configuration portion of the ISAPI filter or see something in the log that would show him where this is going wrong that perhaps I can fix(?). As far as trying to get these other variables, I'm not sure how to go about getting them from the request but I'll start researching. Thanks for the additional information. It's appreciated. Regards. -----Original Message----- From: Terence M. Bandoian [mailto:tere...@tmbsw.com] Sent: Tuesday, June 22, 2010 2:30 PM To: Tomcat Users List Subject: RE: Still having problem retrieving user value from ISAPI Filter for authentication Hi, Melinda- I'm not sure it's going to be that easy. From what I've read, the NTLM authorization header includes structured data that is encoded using a server nonce and/or the password. However, AUTH_USER, REMOTE_USER and LOGON_USER variables should be available to ISAPI applications with NTLM. I'd be looking on the ISAPI side for a way, maybe a configuration setting, to pass the decoded NTLM credentials to tomcat. -Terence Bandoian Savoy, Melinda wrote: > Question. As my code is currently blowing up when I setup the Base64Decoder > in my constructor I'm getting an error immediately, at any rate I'm working > thru that, but will this DECODE method show me the USERID that I'm looking > for? > > That is what I'm needing. Thank you. > > -----Original Message----- > From: Terence M. Bandoian [mailto:tere...@tmbsw.com] > Sent: Tuesday, June 22, 2010 12:40 PM > To: Tomcat Users List > Subject: RE: Still having problem retrieving user value from ISAPI Filter for > authentication > > Hi, Melinda- > > As Pid suggested, the first part of that string after NTLM in the > authorization header decodes in base64 to 'NTLMSSP'. > > -Terence Bandoian > > > Savoy, Melinda wrote: > >> Thanks Pid, I did do that as well, but I did not see the user value there >> either. >> >> Here is what I got when I did issue the getHeaderNames() and as you can see >> the authorization shows the encrypted NTLM value but it is not decrypted and >> I cannot get to the info though the ISAPI log shows the decrypted value >> which I cannot get to: >> >> =imeHeaders === >> accept = >> accept-language =us >> connection îp-Alive >> host =alhost >> user-agent =illa/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; >> .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; InfoPath.2; >> .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8; MS-RTC EA 2) >> cookie =SSIONID-9AE176A965514B845A6E3A9E83A21E >> authorization =M >> TlRMTVNTUAADAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAABcKIogUBKAoAAAAP >> accept-encoding =p, deflate >> content-length > >> I don't know what I'm doing wrong here. Again, any help is appreciated. >> >> Thanks. >> >> -----Original Message----- >> From: Pid [mailto:p...@pidster.com] >> Sent: Tuesday, June 22, 2010 7:11 AM >> To: Tomcat Users List >> Subject: Re: Still having problem retrieving user value from ISAPI Filter >> for authentication >> >> On 22/06/2010 13:05, Marc Boorshtein wrote: >> >> >>> I haven't tried this with IIS, but we had quite the discussion on this >>> last week with Apache & tomcat with JK. In your server.xml file add >>> tomcatAuthentication=se" to the AJP connector object. If you look >>> in the archives of this list for JK_REMOTE_USER there is a very >>> interesting discussion on the topic. >>> >>> >> Also, you could iterate through the headers in request.getHeaderNames() to >> see what's being passed across to Tomcat. >> >> >> p >> >> >> >> >>> Marc >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> >> >> The information contained in this message and any attachments is intended >> only for the use of the individual or entity to which it is addressed, and >> may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from >> disclosure under applicable law. If you are not the intended recipient, you >> are prohibited from copying, distributing, or using the information. Please >> contact the sender immediately by return e-mail and delete the original >> message from your system. >> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > The information contained in this message and any attachments is intended > only for the use of the individual or entity to which it is addressed, and > may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from > disclosure under applicable law. If you are not the intended recipient, you > are prohibited from copying, distributing, or using the information. Please > contact the sender immediately by return e-mail and delete the original > message from your system. > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law. If you are not the intended recipient, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
