Automatic authentication for Single Sign On
9 posts
• Page 1 of 1
Automatic authentication for Single Sign On
Hi,
I was wondering if we can make use of isapi rewrite to automatically authenticate with an app that is hosted on tomcat 6.0.
When I enter the url of the app in Internet Explorer 7, for example, http://serverA:12345, I will be faced with an authentication challenge. After typing in, I'll be able to see the main page of the app.
So for that, I was wondering if the software is able to help to authenticate at http://serverA:12345, using the following requests:
1) http://serverA:12345?username=user1
2) username inside the http header
The purpose for the above is the desire for having single sign on in the environment.
Thanks!
I was wondering if we can make use of isapi rewrite to automatically authenticate with an app that is hosted on tomcat 6.0.
When I enter the url of the app in Internet Explorer 7, for example, http://serverA:12345, I will be faced with an authentication challenge. After typing in, I'll be able to see the main page of the app.
So for that, I was wondering if the software is able to help to authenticate at http://serverA:12345, using the following requests:
1) http://serverA:12345?username=user1
2) username inside the http header
The purpose for the above is the desire for having single sign on in the environment.
Thanks!
- HeliconAndrew
- Posts: 1264
- Joined: 07 Mar 2012, 10:16
Re: Automatic authentication for Single Sign On
Hello,
Your request #1 could be done using the following rule:
Unofrtunately, your second request can not be done using ISAPI_Rewrite.
Regards
Andrew
Your request #1 could be done using the following rule:
- Code: Select all
RewriteCond %{QUERY_STRING} ^([^=]+)=([^&]+)$
RewriteProxy ^$ http://%1:%2@serverA:12345/ [CR,L]
Unofrtunately, your second request can not be done using ISAPI_Rewrite.
Regards
Andrew
Re: Automatic authentication for Single Sign On
Hi,
thanks for the reply.
Looking at the code, I was thinking, could it mean that we can automatically authenticate with a page using this format:
http://<username>:<password>@website:port/ ?
I wasn't able to get that to work by typing that into Internet Explorer.
thanks for the reply.
Looking at the code, I was thinking, could it mean that we can automatically authenticate with a page using this format:
http://<username>:<password>@website:port/ ?
I wasn't able to get that to work by typing that into Internet Explorer.
- HeliconAndrew
- Posts: 1264
- Joined: 07 Mar 2012, 10:16
Re: Automatic authentication for Single Sign On
Yes, initially I was thinking about:
Does it work directly put in browser with like http://username:password@serverA:12345/ ???
Regards
Andrew
- Code: Select all
RewriteProxy /XXX http://username:password@serverA:12345/XXX [CR,L]
Does it work directly put in browser with like http://username:password@serverA:12345/ ???
Regards
Andrew
- HeliconAndrew
- Posts: 1264
- Joined: 07 Mar 2012, 10:16
Re: Automatic authentication for Single Sign On
This might not work in all browsers, especially in explorer.
And the main thing here is that our proxy module can understand and send these credentials as header to back end. This works only for basic-authentication.
Regards
Andrew
And the main thing here is that our proxy module can understand and send these credentials as header to back end. This works only for basic-authentication.
Regards
Andrew
Re: Automatic authentication for Single Sign On
I don't understand what you mean.
Our work is to be done using Internet Explorer.
The main page redirects to another page (the one that requires authentication) and to avoid having to login again, we're thinking of using this piece of software.
So is it ok or not ok?
Our work is to be done using Internet Explorer.
The main page redirects to another page (the one that requires authentication) and to avoid having to login again, we're thinking of using this piece of software.
So is it ok or not ok?
- HeliconAndrew
- Posts: 1264
- Joined: 07 Mar 2012, 10:16
Re: Automatic authentication for Single Sign On
Lets see,
you want authentication to be done while proxying for you, right?
We suggest that you request some made up URL that would match a pattern in rewrite rule and proxy and authenticate for you. Here's the rule:
and the request you'll need to do is: http://frontend/test
I was saying that user:pass@backend/test can not be requested in explorer as it is not supported in explorer.
Regards
Andrew
you want authentication to be done while proxying for you, right?
We suggest that you request some made up URL that would match a pattern in rewrite rule and proxy and authenticate for you. Here's the rule:
- Code: Select all
RewriteProxy /test http://user:pass@backend/test
and the request you'll need to do is: http://frontend/test
I was saying that user:pass@backend/test can not be requested in explorer as it is not supported in explorer.
Regards
Andrew
9 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests