I have configured a tomcat instance with SPNEGO to perform user authentication. When I access the tomcat port directly, it causes my browser to request my user name and password, which I provide and which it validates correctly.
So far I haven't persuaded it to do the silent SPNEGO/Kerberos handshake and authenticate me without needing to type credentials, but that's another issue. :)
I am using Apache httpd with mod_proxy so that I can access port 80/443 and receive response from multiple tomcat instances on different ports. i.e.
ProxyPass /api/v1 http://localhost:18080/api/v1
ProxyPassReverse /api/v1 http://localhost:18080/api/v1
ProxyPass /myapp http://localhost:28080/myapp
ProxyPassReverse /myapp http://localhost:28080/myapp
The trouble I have is that when I access the site via the httpd reverse proxy, there is no handshake with my browser. Instead, I am being authenticated as the account under which httpd is running. i.e. "www".
Does anybody know what mod_proxy (or other) setting I need to tweak in order to let tomcat perform the user authentication when going through mod_proxy?
Or is there a better way of doing this?
