Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 387
  • Last Modified:

Apache-Tomcat Single Sign On with NTLM/Kerberos on Windows 2008R2

Hi, I need to setup a tomcat installation for a specific web application. As a premise, I am not really familiar with tomcat and java.
We would use sigle sign on for the login as all user works in a Windows domain.
I found a HowTo at the tomcat page ( Link ) and followed all steps (setspn, krb5 file, etc.).
I did set delegation to the user used for the tomcat service (mapped to SPN) and tomcat starts up.

Now how can I find out if it is working?
How to get the windows user name surfing on the tomcat server?
Are there some log files I can look at for the user?
Is someone here with experience implementig this that could help out?
We want to use the built-in facility.

Server: Windows 2008R2 SP1 all patches
Tomcat: 7.0.57 x64
Java: JDK 1.7.0.72 x64

Thank you and best regards
0
OliG
Asked:
OliG
1 Solution
 
OliGAuthor Commented:
Nobody around that could help please?
0
 
Brett CrawleyZone LeaderCommented:
Hi OliG

I wrote an article on how to do this that could perhaps help you a great deal in setting this up, you can find it here:

http://www.ostering.com/blog/2015/11/20/configuring-tomcat-single-sign-on-with-spnego-kerberos-ldap/

With regard to knowing if this is setup correctly, if you try to access a protected resource ie one within one of your defined security constraints and you are granted access then it should mean that everything is working otherwise you would get either a 401 Unauthorized HTTP status code which would mean that the user hasn't been able to authenticate and therefore authorization hasn't been performed or a "403 Forbidden" HTTP status code which would mean that the user doesn't have the roles required to access the resource.

You may also try using the request.getRemoteUser(); on the HttpServletRequest object.

Also in the article it details how to enable logging so you can see more information about what is going on.

Regards,

Brett
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now