troubleshooting Question

Convincing a Web Browser that 2 web servers on the same host (different ports) are authenticated the same

Avatar of jlw011597
jlw011597Flag for United States of America asked on
Apache Web Server
10 Comments1 Solution208 ViewsLast Modified:
I have two web browsers running on the same host, but different ports.  

One is [based upon] Apache, and I have several locally developed scripts and documents presented there, all authenticated against modules that either came with the Apache implementation for this OS (not Windows, Mac or Unix), or have been written in-house.  These authentication methods check against OS-specific user authentication stores.  All involved authentications are configured in Apache as  AUTH BASIC.

The other is a third-party web server created by our Email software vendor.  Its purpose is for supporting that 3rd-party vendor's ADMINISTRATIVE TOOLS  (NOT a webmail implementation).  Unlike Apache, it is NOT extendable.  But it also uses the same kind of basic authentication AS FAR AS THE WEB BROWSERS KNOW.

 Several of my local scripts and documents hosted by my Apache server are authenticated against the same authentication stores as the 3rd-party vendor's administrative tools.  Essentially they are local extensions to these tools.  For example, the 3rd-party software vendor provides a web interface for users to change passwords.  We supply a web interface so the user who's forgotten their password can obtain a new one using a recorded challenge string/response pair and the user's realtime response to that challenge.  

While the 3rd-party vendor's web server is NOT extensible, many of its Administrative Tools ARE, and as a result it's easy to insert links to our local scripts & pages into the administrative tools.  But when users who have already authenticated to the 3rd-party vendor's pages/scripts click on our links there, they are confronted with authentication prompts in their browser, often for the SAME user id and password they just supplied a few clicks earlier.
I know WHY this is happening, of course.  The browser is moving from one web server to another (same hosts, different ports: 80 for APACHE and :7633 for the other server) and from one authentication realm to another.  Doesn't seem to matter to the browser that the different authentication realms are LOGICALLY the same, checking against the same community of users/passwords.  

Is there something I can tweak ON THE APACHE SIDE so that the browser will be fooled into thinking it's already authenticated to my local scripts once the 3rd-party vendor's authentications have been done?  Since I never want to see the password, but want the same userid, I could be very happy if I could eliminate  the excessive authentication prompts.

Of course, should the user go for MY pages/scripts first, I'd want to force them to authenticate.  And if they then followed links to the 3rd-party vendor's scripts/pages, I'd want to extend the same courtesy to them.

The aim of course, is to not frustrate/confuse the user who "Already Authenticated."  Kind of like avoiding the same frustration we all feel when in Voice-Mail  Hell on the phone -- please enter your 16-digit account  number, then do it again 5 selections later in the call.

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 10 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 10 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros