'Re: siteMinder implementation for our application'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-user
Subject:    Re: siteMinder implementation for our application
From:       André_Warnier_(tomcat) <aw () ice-sa ! com>
Date:       2017-03-25 14:32:25
Message-ID: 58D67F79.8060704 () ice-sa ! com
[Download RAW message or body]

On 24.03.2017 19:32, Kikkeri, Amith wrote:
> Hi,
> Our application runs on tomcat7 (Port 80) and we don't use a web server. We are \
> implementing SSO and planning to use siteMinder. When trying to install siteMinder \
> web agent, we realized that it is not recognizing tomcat. Please let me  know if \
> there is an option to make siteMinder webagent work with tomcat7. 
> If it is mandatory to use a web server, can we use IIS.
> 
Hi.
Siteminder is a commercial product, and I would think that their support would be a \
better  place to ask.
But if you search Google for "siteminder web agent for tomcat", you'll get plenty of \
links  to get started.
http://lmgtfy.com/?q=siteminder+web+agent+for+tomcat

 From what I gather, there doesn't indeed seem to be a way to integrate this directly \
in  Tomcat (but again, ask on the Siteminder support sites), and you need to use a \
front-end  webserver.
I that case, Apache and/or IIS will do, using the appropriate "connector" for Tomcat.

See here : http://tomcat.apache.org/connectors-doc/)
And here : 
http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html#Standard_Implementations --> 
tomcatAuthentication / tomcatAuthorization

The gist is : the front-end webserver does the user authentication using the \
Siteminder  web agent, and then proxies the call to the application which runs under \
Tomcat. And when it does that, it also forwards the user-id to Tomcat.
And in Tomcat, these attributes (tomcatAuthentication / tomcatAuthorization) tell \
Tomcat  to accept the user-id that the front-end sends to it, and use it to \
authenticate/authorize  the same user under Tomcat.

In the links that you will get by searching Google, I have seen several pointing to 
step-by-step guides to do this.
If you encounter a specific Tomcat-related issue while doing this, you are welcome to \
come  back here and ask. But do the Siteminder homework first, because that is not a \
Tomcat issue.





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic