Solved

Apache-Tomcat Single Sign On with NTLM/Kerberos on Windows 2008R2

Posted on 2014-11-25
Last Modified: 2016-06-16
Hi, I need to set up a Tomcat installation for a specific web application. As a premise, I am not really familiar with Tomcat and Java.
We would use single sign-on for the login, as all users work in a Windows domain.
I found a HowTo at the Tomcat page ( Link ) and followed all steps (setspn, krb5 file, etc.).
I did set delegation for the user used for the Tomcat service (mapped to the SPN), and Tomcat starts up.

Now how can I find out if it is working?
How do I get the Windows user name when browsing the Tomcat server?
Are there some log files I can look at for the user?
Is there someone here with experience implementing this who could help out?
We want to use the built-in facility.

Server: Windows 2008R2 SP1 all patches
Tomcat: 7.0.57 x64
Java: JDK 1.7.0.72 x64

Thank you and best regards
Question by:OliG
3 Comments
 

Author Comment

by:OliG
ID: 40488356
Nobody around that could help please?
Accepted Solution

by: Brett Crawley earned 500 total points
ID: 41477003
Hi OliG

I wrote an article on how to do this that could perhaps help you a great deal in setting this up; you can find it here:

http://www.ostering.com/blog/2015/11/20/configuring-tomcat-single-sign-on-with-spnego-kerberos-ldap/

With regard to knowing if this is set up correctly: if you try to access a protected resource, i.e. one within one of your defined security constraints, and you are granted access, then it should mean that everything is working. Otherwise you would get either a "401 Unauthorized" HTTP status code, which would mean that the user hasn't been able to authenticate and therefore authorization hasn't been performed, or a "403 Forbidden" HTTP status code, which would mean that the user doesn't have the roles required to access the resource.

You may also try using the request.getRemoteUser(); on the HttpServletRequest object.

Also, the article details how to enable logging so you can see more information about what is going on.

Regards,

Brett
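
The check described in the answer above, as an added example that is not part of the original post or the linked article: a small diagnostic servlet for Tomcat 7 (Servlet 3.0) that reports what the container authenticated. The servlet name, the `/whoami` path and the role names are assumptions; the path has to fall inside one of your own security constraints in web.xml.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical diagnostic servlet; map /whoami inside a <security-constraint>
// in web.xml so the container authenticates before doGet() runs.
@WebServlet("/whoami")
public class WhoAmIServlet extends HttpServlet {

    // Assumed role names; replace with the roles your constraint declares.
    private static final String[] ROLES_TO_PROBE = { "app-users", "app-admins" };

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getRemoteUser();           // null when unauthenticated
        String authType = req.getAuthType();         // set by the authenticator
        Principal principal = req.getUserPrincipal();

        resp.setContentType("text/plain;charset=UTF-8");
        resp.setHeader("Cache-Control", "no-store"); // do not cache identity data
        PrintWriter out = resp.getWriter();

        if (user == null) {
            // Reached only if the URL is not covered by a security constraint.
            out.println("Not authenticated: this URL is not protected.");
            return;
        }
        out.println("remoteUser = " + user);
        out.println("authType   = " + authType);
        out.println("principal  = " + principal.getName());
        // A false here for a role the constraint requires is what leads to 403.
        for (String role : ROLES_TO_PROBE) {
            out.println("isUserInRole(" + role + ") = " + req.isUserInRole(role));
        }
        // Goes to the container's log for this web application.
        getServletContext().log("whoami: user=" + user + " authType=" + authType);
    }
}
```

Remove the servlet once the setup is confirmed, since it discloses account and role information to anyone who can reach it.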