Spnego to Tomcat Fronted by Apache
Douglas E. Engert
deengert at anl.gov
Wed Feb 6 09:46:15 EST 2013
On 2/5/2013 7:09 PM, Bram Cymet wrote:
> Hi,
>
> I am trying to get OpenAM working with kerberos authentication using
> Spnego.
>
> OpenAM runs in a tomcat container. SPNEGO works perfectly if I expose
> the tomcat connector directly. However if I put apache in front of
> tomcat either with mod jk or a proxypass to the ajp connector then the
> token is not being passed properly and tomcat reports a 401 error saying
> This request requires HTTP authentication ().
>
> So I am wondering if anyone has ever passed SPNEGO through apache to
> tomcat and if so how? Or maybe this isn't even possible.
how about:
https://wikis.forgerock.org/confluence/display/openam/How+does+OpenAM+work+with+Windows+Desktop+SSO
Shibboleth can also do this:
https://wiki.shibboleth.net/confluence/display/SHIB2/Kerberos+Login+Handler
Is the keytab readable by the tomcat?
>
> Thanks,
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list