'Re: How to configure SPNEGO authentication with fallback to FORM auth?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Re: How to configure SPNEGO authentication with fallback to FORM auth?
From:       ken edward <kedward777 () gmail ! com>
Date:       2016-06-30 12:52:27
Message-ID: CAAqgmoPn3Qo61raq3EWTGH00d45hz4KhcYFYRB6wx15=EM0Gzw () mail ! gmail ! com
[Download RAW message or body]


I did get it to work. Simply merged existing spnego and form auth valves
together, I will try to post later..

On Fri, Jun 24, 2016 at 6:21 PM, Terence M. Bandoian <terence@tmbsw.com>
wrote:

> On 6/24/2016 10:45 AM, ken edward wrote:
>
>> On Fri, Jun 24, 2016 at 11:26 AM, Mark Thomas <markt@apache.org> wrote:
>>
>> On 24/06/2016 16:17, ken edward wrote:
>>>
>>>> On Fri, Jun 24, 2016 at 10:46 AM, Mark Thomas <markt@apache.org> wrote:
>>>>
>>>> On 24 June 2016 14:22:32 BST, ken edward <kedward777@gmail.com> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I have tomcat 8 on linux, configured with kerberos/SPNEGO
>>>>>> authentication.
>>>>>> All works well, but if the client cannot use kerberos to authenticate,
>>>>>> it
>>>>>> will not fallback to FORM authentication.
>>>>>>
>>>>>> I see some references that tomcat 8 does not do fallback negotiation
>>>>>> for
>>>>>> FORM auth. True?
>>>>>>
>>>>> Yes
>>>>>
>>>>> Any workarounds?
>>>>>>
>>>>> Nothing simple. Both SPNEGO and FORM have their complications. You'll
>>>>>
>>>> need
>>>
>>>> to code some form of custom solution.
>>>>>
>>>>> Have a look in the archives. This has come up before and I think there
>>>>>
>>>> is
>>>
>>>> some sample code that might get you most of the way there.
>>>>>
>>>>>
>>>>>
>>>>> I had already searched the mail archives, and did not see any sample
>>>>
>>> code.
>>>
>>>> If anyone has any insight, please do post some code fragments.
>>>>
>>> I was thinking of this:
>>> http://wiki.apache.org/tomcat/SSLWithFORMFallback
>>>
>>> Not quite what you are looking for but it might help.
>>>
>>>
>>> I guess I need to extend the SPNEGO valve code in tomcat 8 to handle
>> fallback to FORM auth, similar to SSLWIthFORMFallback. aaarg. Such a
>> simple
>> and essential use case. Perplexing that it is not implemented.
>>
>>
>
> If you get it working, you might consider submitting a patch.  Doing so
> might save someone else from cursing under their breath.
>
> -Terence Bandoian
> http://www.tmbsw.com/
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic