Externalization of Tomcat Authenticators
Objective
There are numerous occasions when the default authentication mechanisms provided by the servlet spec (BASIC, FORM, CLIENT-CERT, DIGEST) are insufficient for an enterprise. Typical scenarios include integration with an Identity Management Solution from a third-party vendor, and custom processing needs, for example when the authentication process needs to consider headers, etc.
Availability
Starting with JBoss 4.0.4GA, this feature is available, as evidenced by the JIRA issue: http://jira.jboss.com/jira/browse/JBAS-2899
(For 4.0.4.GA, please remember to take the patched jar from http://jira.jboss.com/jira/browse/JBAS-3212)
Configuration
In the jboss-service.xml of jbossweb-tomcat55.sar/META-INF, uncomment the attribute "Authenticators".
In the server.xml file of jbossweb-tomcat55.sar, uncomment the host element with the configClass attribute in it.
<Host name="localhost" autoDeploy="false" deployOnStartup="false" deployXML="false" configClass="org.jboss.web.tomcat.security.config.JBossContextConfig">
The 4.0 testsuite includes a configuration, called "tomcat-federation-tests", in which this is tested:
> ant tomcat-federation-tests
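To confirm that both configuration steps above are actually active (and not still commented out), the following check is an added example, not part of JBoss or the original page. It assumes the usual `<attribute name="...">` layout of a JBoss service descriptor; the sample XML is constructed and the mbean code/name values are placeholders.

```python
import xml.etree.ElementTree as ET

# Value of configClass taken from the page's <Host> example.
HOST_CONFIG_CLASS = "org.jboss.web.tomcat.security.config.JBossContextConfig"

def authenticators_enabled(service_xml):
    """True if an active <attribute name="Authenticators"> exists.
    ElementTree drops XML comments, so a commented-out attribute is not seen."""
    root = ET.fromstring(service_xml)
    return any(a.get("name") == "Authenticators" for a in root.iter("attribute"))

def hosts_without_config_class(server_xml):
    """Names of active <Host> elements that lack the JBoss configClass."""
    root = ET.fromstring(server_xml)
    return [h.get("name") for h in root.iter("Host")
            if h.get("configClass") != HOST_CONFIG_CLASS]

def audit(service_xml, server_xml):
    """Return a list of findings; an empty list means both steps were applied."""
    findings = []
    if not authenticators_enabled(service_xml):
        findings.append("jboss-service.xml: Authenticators attribute is not active")
    root = ET.fromstring(server_xml)
    if root.find(".//Host") is None:
        findings.append("server.xml: no active Host element")
    for name in hosts_without_config_class(server_xml):
        findings.append("server.xml: Host %r has no JBossContextConfig configClass" % name)
    return findings

# Constructed samples (not the shipped files); mbean code/name are placeholders.
SERVICE_ON = """<server><mbean code="placeholder.Service" name="placeholder:service=Web">
  <attribute name="Authenticators">placeholder</attribute>
</mbean></server>"""
SERVICE_OFF = """<server><mbean code="placeholder.Service" name="placeholder:service=Web">
  <!-- <attribute name="Authenticators">placeholder</attribute> -->
</mbean></server>"""
SERVER_ON = """<Server><Service><Engine>
  <Host name="localhost" autoDeploy="false" deployOnStartup="false" deployXML="false"
        configClass="%s"/>
</Engine></Service></Server>""" % HOST_CONFIG_CLASS
SERVER_OFF = """<Server><Service><Engine>
  <Host name="localhost" autoDeploy="false" deployOnStartup="false" deployXML="false"/>
</Engine></Service></Server>"""

if __name__ == "__main__":
    for label, svc, srv in [("configured", SERVICE_ON, SERVER_ON),
                            ("default", SERVICE_OFF, SERVER_OFF)]:
        print(label, audit(svc, srv) or "OK")
```

A non-empty result means at least one of the two files still carries its default, commented-out setting.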
Information on Authenticators
JBoss AS5 and Beyond
Please look in the default configuration section of PicketLinkAuthenticator for guidance.