ilan sch

since Jan 18, 2016

Recent posts by ilan sch

I integrated waffle into my tomcat 7.
I need to define the users in the Active Directory group that can visit the site. web.xml looks like:



<security-constraint>
    <display-name>not relevant</display-name>
    <web-resource-collection>
        <web-resource-name>all</web-resource-name>
        <description/>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>workflowusers</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <description>not relevant</description>
    <role-name>workflowusers</role-name>
</security-role>

I want all the users of a certain group (e.g. workflowusers) to be able to access this hosted site.
What exactly is the object I need to create in Active Directory and add users to?
I created a workflowusers group under the main DOMAIN object that looks like this (not working..):

"SEE ATTACHED IMAGE FOR ACTIVE DIRECTORY SETTINGS"

This is the instruction link from waffle:
https://github.com/dblock/waffle/blob/master/Docs/tomcat/TomcatSingleSignOnValve.md

If I replace the role-name with "Everyone" or place "*", it will work, e.g.:

<role-name>workflowusers</role-name>


8 years ago
Hi, thanks for the answer.
Tomcat7 has built-in support for Windows integration. I understand that behind the scenes they use spnego authentication, but I don't see the spnego jar in the lib or anything else regarding spnego.
I need SSO, so I don't have to use the JNDIRealm?
Do I need to use JAASRealm? Or no realm at all? Does Kerberos know automatically how to identify itself with Active Directory?

My goal is that the end user on a client machine will open Internet Explorer, browse to http://serverhost/ and see the webpage. The client credential should be in the "security context" on the Java server side.
In the server-side code I will getUserCredentials and confirm the user (this avoids the prompt/form).




8 years ago
Tomcat 7 Windows authentication
Hi, I have followed the guide at https://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html
After setting "Tomcat instance (Windows server)", what is the next step (I configured the DC/Kerberos keytab)? They write stuff in the user guide about the spnego authenticator, BUT they don't mention anywhere to set a spnego authentication valve.
What am I missing here?
Do I need to set a JNDI Realm in the context of the localhost Tomcat? In server.xml in the conf folder? Will the JNDI be used to perform the actual authentication with Active Directory?
That's all? Or should I add the spnego authenticator and filters (as mentioned on the spnego website)?
Do I need to add additional jars to the lib folder (the spnego jar)?
What is the Tomcat7 implementation for Windows authentication (do they use spnego behind the scenes?)?

My goal is to set up Tomcat 7 SSO using Kerberos. My domain controller and Tomcat with the webapp are sitting on different machines, but both are on Windows Server 2012.
8 years ago