
IIS -> connector -> Tomcat (NTLM authentication)

I wanted to get feedback on a potential setup and wanted to make sure it would likely work before embarking on this path.

I want to use IIS in front of Tomcat to do NTLM authentication. There is a Web service running in Tomcat that would get requests forwarded to it by IIS.

This service requires knowledge of the remote NT user calling the service.

My question is: is this information passed along from IIS? If so, in what form is it passed? Is it passed in the HTTP header or something?

Thanks

Upvotes: 2

Views: 1965

Answers (2)

bilal

Reputation: 41

If you want to front end IIS with Tomcat you can either use the ISAPI-based connectors or use .NET-based connectors (http://tomcatiis.riaforge.org).
In both cases, IIS will automatically handle all authentication tasks and the connectors will forward the authenticated user to Tomcat via HTTP headers. This is simpler to do and more flexible, especially if you want to change authentication schemes later, i.e. use certificates, Kerberos, AD, SAML.
On the Tomcat side you only worry if things are successful. Additional host headers will be populated for you automatically that contain user information. There are several headers that will be populated based on which version of IIS you used. The most common HTTP header is AUTH_USER, which will contain the name of the authenticated user. You can then take it from there.

Upvotes: 3
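
The header hand-off described in the answer above, as an added example that is not part of the original answer or of the connectors' own code: a servlet filter on the Tomcat side that accepts `AUTH_USER` only from the IIS host and exposes it through `getRemoteUser()`. The class name, the `javax.servlet` API generation and the trusted address `10.0.0.5` are assumptions.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: trusts AUTH_USER only on requests relayed by the IIS connector.
public class IisAuthUserFilter implements Filter {
    // Assumption: address of the IIS host running the connector (constructed value).
    private static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");
    private static final String USER_HEADER = "AUTH_USER"; // header named in the answer

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpServletResponse out = (HttpServletResponse) res;

        // A client that reaches Tomcat directly can set any header it likes,
        // so the header carries meaning only when the peer is the IIS host.
        if (!TRUSTED_PROXIES.contains(http.getRemoteAddr())) {
            out.sendError(HttpServletResponse.SC_FORBIDDEN, "Direct access not allowed");
            return;
        }
        String raw = http.getHeader(USER_HEADER);
        if (raw == null || raw.trim().isEmpty()) {
            out.sendError(HttpServletResponse.SC_UNAUTHORIZED, "No authenticated user");
            return;
        }
        // Keep the name exactly as IIS sent it (typically domain-qualified).
        final String user = raw.trim();
        final Principal principal = () -> user;
        // Downstream code, including the Web service, reads the caller
        // through the standard servlet API instead of parsing headers itself.
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override public String getRemoteUser() { return user; }
            @Override public Principal getUserPrincipal() { return principal; }
        }, res);
    }
}
```

Binding Tomcat's HTTP listener to an interface that only the IIS host can reach gives the same guarantee at the network layer and is worth doing alongside the filter.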

dB.

Reputation: 4770

You can use Waffle to do NTLM with Tomcat and avoid IIS altogether.

Upvotes: 2
