I am told that it is possible to make a web application that does not require a login. The user logs in to Windows, which authenticates via an Active Directory (LDAP) lookup. Then, they should be able to go into my webapp and never see a login prompt. These customers have been referring to this as Single Sign On (perhaps incorrectly, and part of my confusion).
But, from what I read, Single Sign On in the Tomcat docs is:
The Single Sign On Valve is utilized when you wish to give users the
ability to sign on to any one of the web applications associated with
your virtual host, and then have their identity recognized by all
other web applications on the same virtual host.
This is perfectly clear to me. The user has to log in once and can then access every webapp on an instance of Tomcat. But what I need to do is somehow let them log in without ever providing any credentials to my Tomcat server.
So, in order for this to work, I imagine:
1. The user makes a request for some page.
2. The server sees no session token and then requests some credentials from the client.
3. The client's browser, without any intervention from the user, provides some credentials to the server.
4. Then, using those credentials provided by the client's browser, the server does a lookup in an LDAP directory.
I have seen some examples that use client-side certificates... particularly the DoD PKI system, which makes some sense to me because in those cases you configure Tomcat to request client-side certs. But with just logging into Windows, I don't see how this would work, or what information the browser would pass to the server, etc. Is this what NTLM is used for?
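The four-step flow sketched in the question is what the HTTP Negotiate scheme does: the server answers an unauthenticated request with a 401 carrying `WWW-Authenticate: Negotiate`, and a browser on a domain-joined Windows machine replies with a base64 token that is either a Kerberos/SPNEGO ticket or, as a fallback, a raw NTLM message. The added example below (not code from the question or from Tomcat) shows the server side of steps 2 and 3: issuing the challenge and telling apart which kind of token came back, which is what an administrator needs before deciding whether to validate it with GSSAPI or to reject NTLM fallback. The sample tokens are constructed inline; only the magic bytes and OIDs are real.

```python
import base64
from typing import Optional

# Well-known prefixes: every NTLM message starts with this signature, and a
# GSS-API InitialContextToken names its mechanism by OID right after the header.
NTLM_MAGIC = b"NTLMSSP\x00"
SPNEGO_OID = bytes.fromhex("06062b0601050502")         # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f71201020202")   # 1.2.840.113554.1.2.2

def challenge_headers() -> dict:
    """Step 2 of the flow: no session, so challenge the browser.
    Offering only Negotiate keeps an AD-joined browser on Kerberos where possible."""
    return {"status": 401, "WWW-Authenticate": ["Negotiate"]}

def classify_token(authorization: Optional[str]) -> str:
    """Step 3: inspect what the browser sent back, without validating it.
    Returns one of 'none', 'ntlm', 'spnego', 'kerberos', 'unknown'."""
    if not authorization:
        return "none"
    scheme, _, b64 = authorization.partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "unknown"
    try:
        token = base64.b64decode(b64, validate=True)
    except ValueError:            # binascii.Error is a ValueError subclass
        return "unknown"
    # Windows may send raw NTLM under the Negotiate scheme when no ticket exists
    if token.startswith(NTLM_MAGIC):
        return "ntlm"
    if token[:1] == b"\x60" and len(token) > 2:
        # DER length: short form (< 0x80) or long form (0x8N followed by N bytes)
        body = token[2:] if token[1] < 0x80 else token[2 + (token[1] & 0x7F):]
        if body.startswith(SPNEGO_OID):
            return "spnego"
        if body.startswith(KRB5_OID):
            return "kerberos"
    return "unknown"

# Constructed sample headers (not captured traffic): an NTLM Type 1 message with
# zeroed fields, and a minimal SPNEGO wrapper around a dummy NegTokenInit body.
SAMPLE_NTLM = "Negotiate " + base64.b64encode(
    NTLM_MAGIC + b"\x01\x00\x00\x00\x07\x82\x08\xa2" + b"\x00" * 16).decode()
_spnego_body = SPNEGO_OID + b"\xa0\x03\x0a\x01\x00"
SAMPLE_SPNEGO = "Negotiate " + base64.b64encode(
    b"\x60" + bytes([len(_spnego_body)]) + _spnego_body).decode()

if __name__ == "__main__":
    print(challenge_headers())
    for hdr in (None, SAMPLE_NTLM, SAMPLE_SPNEGO, "Basic dXNlcjpwYXNz"):
        print(repr(hdr)[:40], "->", classify_token(hdr))
```

Real deployments hand an `spnego` or `kerberos` token to a GSSAPI/Kerberos library for validation; this block stops at identifying the mechanism so the fallback to NTLM is visible in logs.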