[prev in list] [next in list] [prev in thread] [next in thread]
List: tomcat-user
Subject: Re: siteMinder implementation for our application
From: André_Warnier_(tomcat) <aw () ice-sa ! com>
Date: 2017-03-25 14:32:25
Message-ID: 58D67F79.8060704 () ice-sa ! com
[Download RAW message or body]
On 24.03.2017 19:32, Kikkeri, Amith wrote:
> Hi,
> Our application runs on tomcat7 (Port 80) and we don't use a web server. We are \
> implementing SSO and planning to use siteMinder. When trying to install siteMinder \
> web agent, we realized that it is not recognizing tomcat. Please let me know if \
> there is an option to make siteMinder webagent work with tomcat7.
> If it is mandatory to use a web server, can we use IIS.
>
Hi.
Siteminder is a commercial product, and I would think that their support would be a \
better place to ask.
But if you search Google for "siteminder web agent for tomcat", you'll get plenty of \
links to get started.
http://lmgtfy.com/?q=siteminder+web+agent+for+tomcat
From what I gather, there doesn't indeed seem to be a way to integrate this directly \
in Tomcat (but again, ask on the Siteminder support sites), and you need to use a \
front-end webserver.
I that case, Apache and/or IIS will do, using the appropriate "connector" for Tomcat.
See here : http://tomcat.apache.org/connectors-doc/)
And here :
http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html#Standard_Implementations -->
tomcatAuthentication / tomcatAuthorization
The gist is : the front-end webserver does the user authentication using the \
Siteminder web agent, and then proxies the call to the application which runs under \
Tomcat. And when it does that, it also forwards the user-id to Tomcat.
And in Tomcat, these attributes (tomcatAuthentication / tomcatAuthorization) tell \
Tomcat to accept the user-id that the front-end sends to it, and use it to \
authenticate/authorize the same user under Tomcat.
In the links that you will get by searching Google, I have seen several pointing to
step-by-step guides to do this.
If you encounter a specific Tomcat-related issue while doing this, you are welcome to \
come back here and ask. But do the Siteminder homework first, because that is not a \
Tomcat issue.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic