IIS 7 and Above
Reverse Proxy IIS to Apache Tomcat 8.0 with NTLM Authentication (SSO)
Last post May 18, 2018 02:46 PM by Sj87
May 16, 2018 03:51 PM|Sj87
We are currently using NTLM for SSO authentication in our application using IIS as our web server, but with the new upgrade in the application we now have to use Apache Tomcat as our primary web server.
So in order to get SSO working we are trying to use Reverse Proxy from IIS 10 to Apache Tomcat 8.0.22, with Windows Authentication (NTLM) at IIS level.
We used URL-Rewrite to redirect the user request from IIS to Apache web server which is working fine for Anonymous authentication.
But we are facing an issue when we try to do the WIA (NTLM) authentication and pass the request to Tomcat. It is throwing a 401 error. Can you please help with the below:
- Is URL-Rewrite supported with WIA (NTLM) authentication? We cannot use Kerberos as per the company guidelines, so we have to use NTLM.
- Is there a document which can share more details on how to configure the same.
- Our application listens to the HTTP connector of Tomcat, so we cannot use ISAPI_Redirect as it works with the AJP connector. Please let me know if this understanding is correct.
- Please suggest if there is any better approach for the same.
Many thanks for your help in advance.
May 17, 2018 08:02 AM|deepakpanchal10
May 18, 2018 02:46 PM|Sj87
Thanks Deepak for the reply.
We are using Windows authentication, so we have disabled Anonymous Authentication for the website.
Also, we found that when doing reverse proxy with Windows authentication, the application is calling the redirecting module first before calling the authentication module. So we are not even capturing the Windows authentication NTLM token while sending the request to Apache Tomcat, thus it is having no authorization in the call.
We tried URL-Rewrite for reverse proxy. Not sure if we can try something else which allows Windows authentication first and then the redirect part.
Any help would be very much appreciated.