CA Service Management

Expand all | Collapse all

How to configure pass through authentication in TOMCAT for SDM R12.9 AA

Mohit Trehan

Mohit TrehanDec 05, 2014 02:29 PM

  • 1.  How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 03, 2014 01:35 AM

    Provide me the steps to configure pass through authentication in TOMCAT for SDM R12.9 Advance Availability. As below is the envrionment

    1. Background Server -1

    2. Standby Server - 1

    3. Application Server - 2

     

    Looking forward for the response

     

    Thanks,

    Mohit Trehan



  • 2.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 03, 2014 10:25 AM

    Mohit,

     

    Assuming this is a very simple Pass Through requirement, you may just need to implement something like WAFFLE.

     

    Hopefully this doc would help: TEC578799

     

    Of course, you’d need to do this on all the servers below.

     

    _R



  • 3.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Posted Dec 09, 2014 03:17 AM

    Hi Raghu,

     

    On the tech doc you mentioned: TEC578799. Although it works well, there is this line that one of my customers is concerned about:

     

    The procedure above is not yet formally certified, but is a known workaround.

     

    What does this line mean exactly? Don't you think this will deter\discourage users from adopting this tech doc?

     

    Regards,

    Brian



  • 4.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Dec 09, 2014 01:57 PM

    Hi Brian,

     

    WAFFLE approach was not formally certified by our Dev. A few of our customers had this requirement come up a few times and worked with support to understand how to overcome the challenge. In that process we've learnt a few things and started putting together a doc on the same.  Thats why the doc exists.

     

    One could raise a formal Idea to get Dev certify this formally as one of the out of the box authentications.   That way, this item would also be part of rest of out of the box authentication schemes we have.

     

    _R



  • 5.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Posted Oct 23, 2018 10:15 AM

    Hi Raghu.Rudraraju

    Is there the tec doc TEC578799 yet?

     

    I need the doc for tests.



  • 6.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Oct 23, 2018 11:15 AM


  • 7.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 03, 2014 02:18 PM

    An additional note:

     

    In a true AA environment you don't want users to access the APP servers by their names directly, so you will want to have a load balancer/redirector to route the traffic to any App server. It may be possible to configure the single sign at the load balancer level, depending on what you are using, so you may not need to use Waffle on the specific Tomcat. The configuration will depend on what load balancer you are using and if it offers that option.



  • 8.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 04, 2014 03:18 AM

    Thanks Alexander. Yes Application Server are on Load Balancer. So in this case I might not required to configure pass through requirement for all servers right ?

    I guess customer is providing load blancer from citrix. In this scenario suggest me under AA how I can configure pass through or Single Sign in for TOMCAT. as IIS is restrcited at customer end.

    Let me know if you have any docs for that

    Thanks,

    Mohit



  • 9.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 04, 2014 09:33 AM

    Mohit,

     

    I'm not too familiar with Citrix and if it has the abililty to pass authentication or not, you may need to reach out to Citrix Support if you aren't sure.

     

    Of course if all else fails you can still use Waffle, as Raghu suggested.

     




  • 10.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 11, 2014 04:34 AM

    HI Alexander / Raghu,

     

    I did the same steps for pass through authentication using TEC578799. I have applied on 2 Application server and using application server name it is working well. But 2 Application server are attached to loadbalancer. When I am opening url with Virtual server name it is opening with window security prompt. Can you let me know how to remove this window security

     

    Thanks,

    Mohit



  • 11.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 11, 2014 07:16 AM

    normally this means that the Domain that Tomcat is authenticating to a domain to which your end user machine browser does not do single sign on to.

     

    You may need to check with your windows admins to figure out what server waffle config should point to.



  • 12.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 11, 2014 10:09 AM

    Thanks Raghu, I am not getting properly. As you know App1 and App2 server url is autheticatiing, Means when open  the url http://App1:8080 or http://App2:8080/ it is opening successfully. But these  app1 and app2 are  under loadbalancer with name "App". So if  I am opening the http://App:8080 it is prompting a window security pop up window. So it means need to check out with windows admin or from my side I have to do any further modification

     

    Thanks,

    Mohit



  • 13.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 11, 2014 10:17 AM

    Thank you for clarifying Mohit.

     

    Given the results you have seen in this case, we'd have to try something that Alex proposed earlier:

     

    "In a true AA environment you don't want users to access the APP servers by their names directly, so you will want to have a load balancer/redirector to route the traffic to any App server. It may be possible to configure the single sign at the load balancer level, depending on what you are using, so you may not need to use Waffle on the specific Tomcat. The configuration will depend on what load balancer you are using and if it offers that option."



  • 14.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 11, 2014 12:56 PM

    Ok Thanks Raghu. I would like to ask another question on similar AA structure that I have. I am developing the staging enviornemt. So when developing the Prooduction envrionment , Can I take the MDB backup of staging MDB server and Upload into the Production Server ? Whereas Production MDB is in the cluster envrionment.



  • 15.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 11, 2014 08:41 PM

    Does your production already have data on it?  If so, such a copy from Dev -> Prod  from a Promotion of configuration changes aspect is not possible.

     

    If production doesn't have any data yet, then it might be OK.  Please do look into below articles though where several ideas were already raised and extensive discussions happened with some gotchas, requirements etc.,

     

    https://communities.ca.com/ideas/102988946

    https://communities.ca.com/ideas/109763550

    https://communities.ca.com/ideas/235713907

    https://communities.ca.com/thread/99240109

    https://communities.ca.com/thread/120154986

     

    It may also not be a bad idea to start a new thread for that, if you have further questions.

     

    _R



  • 16.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Nov 11, 2014 10:11 AM

    windows security means opening through IE11 asking for user name and password



  • 17.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Posted Dec 01, 2014 12:40 PM

    tremo01,

     

    Did member's responses clarify your doubt? Can we consider this answered?



  • 18.  Re: How to configure pass through authentication in TOMCAT for SDM R12.9 AA

    Broadcom Employee
    Posted Dec 05, 2014 02:29 PM

    yes Daniel