Difference between revisions of "Windows Authentication"

From TempusServa wiki
Jump to navigation Jump to search
old>Admin
old>Admin
Line 36: Line 36:
Login to a machine connected to the Domain controller
Login to a machine connected to the Domain controller


Navigate to the TempusServa login page and check what happens
Navigate to the TempusServa login page and check if you are logged in and redirected to the main page.
* Logs in automatically
 
* Login bos displayed with "Login failed" message
Other results
* Login bos displayed with no messages
* Login displayed with "Login failed" message: The SPNEGO is working but it was not possible to match the Windows authenticated user to a (valid) user in the Tempus Serva database
* Login displayed without any messages: The SPNEGO is NOT working or is deactivated


== Other methods ==
== Other methods ==
* Waffle
* Waffle
* Tomcat 7 native SPNEGO
* Tomcat 7 native SPNEGO

Revision as of 00:54, 11 December 2014

Understanding AD integration

Recommended: SPNEGO filter

Installation part 1

  1. Run pre flight checklist
  2. Run installation

Troubleshooting

  • Check Tomcat is running in the same context as the domain user
  • Ensure only one SPN exists (with fully qualified name)

Installation part 2

Install the SPNEGO filter on the application

  1. Copy filter setting from the guide to <TempusServaApplication>\WEB-INF\web.xml
  2. Change the filter mapping from *.jsp to the login page
  <filter-mapping>
      <filter-name>SpnegoHttpFilter</filter-name>
      <url-pattern>/login</url-pattern>
  </filter-mapping>

Configure TempusServa to accept SSO by changing system configuration

  ssoSpnegoAuthenticate = true

Finally restart Tomcat

Testing the setup

Find a suitable user

  • Must exist as a Domain User in the AD server (ex. "TESTDOMAIN\DrStrangelove" )
  • Must exist as a user in Tempus Serva (ex. "DrStrangelove")

Login to a machine connected to the Domain controller

Navigate to the TempusServa login page and check if you are logged in and redirected to the main page.

Other results

  • Login displayed with "Login failed" message: The SPNEGO is working but it was not possible to match the Windows authenticated user to a (valid) user in the Tempus Serva database
  • Login displayed without any messages: The SPNEGO is NOT working or is deactivated

Other methods

  • Waffle
  • Tomcat 7 native SPNEGO