Apache-Tomcat Single Sign On with NTLM/Kerberos on Windows 2008R2

Hi, I need to setup a tomcat installation for a specific web application. As a premise, I am not really familiar with tomcat and java.
We would use sigle sign on for the login as all user works in a Windows domain.
I found a HowTo at the tomcat page ( Link ) and followed all steps (setspn, krb5 file, etc.).
I did set delegation to the user used for the tomcat service (mapped to SPN) and tomcat starts up.

Now how can I find out if it is working?
How to get the windows user name surfing on the tomcat server?
Are there some log files I can look at for the user?
Is someone here with experience implementig this that could help out?
We want to use the built-in facility.

Server: Windows 2008R2 SP1 all patches
Tomcat: 7.0.57 x64
Java: JDK 1.7.0.72 x64

Thank you and best regards
OliGAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

OliGAuthor Commented:
Nobody around that could help please?
0
Brett CrawleyZone LeaderCommented:
Hi OliG

I wrote an article on how to do this that could perhaps help you a great deal in setting this up, you can find it here:

http://www.ostering.com/blog/2015/11/20/configuring-tomcat-single-sign-on-with-spnego-kerberos-ldap/

With regard to knowing if this is setup correctly, if you try to access a protected resource ie one within one of your defined security constraints and you are granted access then it should mean that everything is working otherwise you would get either a 401 Unauthorized HTTP status code which would mean that the user hasn't been able to authenticate and therefore authorization hasn't been performed or a "403 Forbidden" HTTP status code which would mean that the user doesn't have the roles required to access the resource.

You may also try using the request.getRemoteUser(); on the HttpServletRequest object.

Also in the article it details how to enable logging so you can see more information about what is going on.

Regards,

Brett
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.