Difference between revisions of "Windows Authentication"
Jump to navigation
Jump to search
old>Admin |
old>Admin |
||
| Line 3: | Line 3: | ||
== Recommended: SPNEGO filter == | == Recommended: SPNEGO filter == | ||
Note the following guide is for Tomcat 6 or higher. | |||
=== Installation part 1 === | === Installation part 1 === | ||
Revision as of 02:01, 11 December 2014
Understanding AD integration
Recommended: SPNEGO filter
Note the following guide is for Tomcat 6 or higher.
Installation part 1
Troubleshooting
- Check Tomcat is running in the same context as the domain user
- Ensure only one SPN exists (with fully qualified name)
Installation part 2
Install the SPNEGO filter on the application
- Copy filter setting from the guide to <TempusServaApplication>\WEB-INF\web.xml
- Change the filter mapping from *.jsp to the login page
<filter-mapping>
<filter-name>SpnegoHttpFilter</filter-name>
<url-pattern>/login</url-pattern>
</filter-mapping>
Configure TempusServa to accept SSO by changing system configuration
ssoSpnegoAuthenticate = true
Finally restart Tomcat
Testing the setup
Find a suitable user
- Must exist as a Domain User in the AD server (ex. "TESTDOMAIN\DrStrangelove" )
- Must exist as a user in Tempus Serva (ex. "DrStrangelove")
Login to a machine connected to the Domain controller
Navigate to the TempusServa login page and check if you are logged in and redirected to the main page.
Other results
- Login displayed with "Login failed" message: The SPNEGO is working but it was not possible to match the Windows authenticated user to a (valid) user in the Tempus Serva database
- Login displayed without any messages: The SPNEGO is NOT working or is deactivated
Other methods
- Waffle
- Tomcat 7 native SPNEGO