Version 4

    Searchable Title : Integration of JBoss Application Server with RSA Cleartrust authentication


    This is a "web access management solution" that does the authentication/authorization for webapps.  It currently does NOT support Tomcat or JBoss.  This is because it relies (by default) on passing the old CGI variable REMOTE_USER as an HTTP header and having the application server simply accept this user as authenticated.  Some application servers accept this variable today, but REMOTE_USER is not really a standard HTTP header and this old CGI variable is simply an artifact of 1996 web programming. 


    If you wish to get this working with JBoss, you can simply front JBoss with a Cleartrust certified web server (SunONE, IIS, Apache) and have the webserver do the authentication/authorization.  This webserver must be configured with mod_jk of course and a configuration must be made on the Tomcat to accept the user context being passed from the webserver. 


    To configure Tomcat you must edit deploy/jbossweb-tomcat55.sar/server.xml (assuming you are using the Tomcat instance embedded in JBoss AS).  Look for the AJP connector and add TomcatAuthentication="false".  It should look something like this:





    Now Tomcat will implicitly trust the upstream AJP request's indication of the authenticated username so that request.getRemoteUser() will return the correct authenticated username from within the J2EE context.



    Associated Links:


       RSA Cleartrust