Windows Authentication

From TempusServa wiki
Revision as of 01:10, 11 December 2014 by old>Admin (→‎Installation part 1)
Jump to navigation Jump to search

Understanding AD integration

Recommended: SPNEGO filter

Note the following guide is for Tomcat 6 or higher.

Installation part 1

The first part of the installation ensures the basic SSO communication is in place.

  1. Run pre flight checklist
  2. Run installation

Troubleshooting

  • Check Tomcat is running in the same context as the domain user
  • Ensure only one SPN exists (with fully qualified name)

After a succesfull test you should remove the jsp test file.

Installation part 2

Install the SPNEGO filter on the application

  1. Copy filter setting from the guide to <TempusServaApplication>\WEB-INF\web.xml
  2. Change the filter mapping from *.jsp to the login page
  <filter-mapping>
      <filter-name>SpnegoHttpFilter</filter-name>
      <url-pattern>/login</url-pattern>
  </filter-mapping>

Configure TempusServa to accept SSO by changing system configuration

  ssoSpnegoAuthenticate = true

Finally restart Tomcat

Testing the setup

Find a suitable user

  • Must exist as a Domain User in the AD server (ex. "TESTDOMAIN\DrStrangelove" )
  • Must exist as a user in Tempus Serva (ex. "DrStrangelove")

Login to a machine connected to the Domain controller

Navigate to the TempusServa login page and check if you are logged in and redirected to the main page.

Other results

  • Login displayed with "Login failed" message: The SPNEGO is working but it was not possible to match the Windows authenticated user to a (valid) user in the Tempus Serva database
  • Login displayed without any messages: The SPNEGO is NOT working or is deactivated

Other methods

  • Waffle
  • Tomcat 7 native SPNEGO