Difference between revisions of "Windows Authentication"
Jump to navigation
Jump to search
old>Admin |
old>Admin |
||
Line 33: | Line 33: | ||
* Must exist as a Domain User in the AD server (ex. "TESTDOMAIN\DrStrangelove" ) | * Must exist as a Domain User in the AD server (ex. "TESTDOMAIN\DrStrangelove" ) | ||
* Must exist as a user in Tempus Serva (ex. "DrStrangelove") | * Must exist as a user in Tempus Serva (ex. "DrStrangelove") | ||
Login to a machine connected to the Domain controller | |||
Navigate to the TempusServa login page and check what happens | |||
* Logs in automatically | |||
* Login bos displayed with "Login failed" message | |||
* Login bos displayed with no messages | |||
== Other methods == | == Other methods == | ||
* Waffle | * Waffle | ||
* Tomcat 7 native SPNEGO | * Tomcat 7 native SPNEGO |
Revision as of 00:51, 11 December 2014
Understanding AD integration
Recommended: SPNEGO filter
Installation part 1
- Run pre flight checklist
- Run installation
Troubleshooting
- Check Tomcat is running in the same context as the domain user
- Ensure only one SPN exists (with fully qualified name)
Installation part 2
Install the SPNEGO filter on the application
- Copy filter setting from the guide to <TempusServaApplication>\WEB-INF\web.xml
- Change the filter mapping from *.jsp to the login page
<filter-mapping> <filter-name>SpnegoHttpFilter</filter-name> <url-pattern>/login</url-pattern> </filter-mapping>
Configure TempusServa to accept SSO by changing system configuration
ssoSpnegoAuthenticate = true
Finally restart Tomcat
Testing the setup
Find a suitable user
- Must exist as a Domain User in the AD server (ex. "TESTDOMAIN\DrStrangelove" )
- Must exist as a user in Tempus Serva (ex. "DrStrangelove")
Login to a machine connected to the Domain controller
Navigate to the TempusServa login page and check what happens
- Logs in automatically
- Login bos displayed with "Login failed" message
- Login bos displayed with no messages
Other methods
- Waffle
- Tomcat 7 native SPNEGO