I have a standalone httpd+Tomcat 8.5.65 installation on OpenJDK 11 with OpenCms 11.0.2 for my client's internal website.
They have an LDAP network and they're requesting the automated logon using Kerberos (krb5).
We configured SPNego and it works on Tomcat: a test JSP page including the code:
<%= request.getRemoteUser() %>
works as intended (prints the username) when accessed through Tomcat directly (port 8080). But when I access OpenCms via Tomcat, this authentication doesn't work. Specifically, the CmsJspLoginBean object's isLoggedIn() method returns false. In other words, the current user is [Guest].
Is there anything I have to do to "connect" OpenCms to Kerberos on the OpenCms side, knowing that Tomcat is already correctly configured?
Also: OpenCms has the LDAP Connector installed and it works; I don't think it has anything to do with this.
Yes, you need to map the remote user to the OpenCms user registry and, upon request, create a session with OpenCms for this remote user. Ideally, this is done with your own user authenticator implementation, which results in a truly seamless SSO experience (no rocket science). Let me know if you need further help with this.
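One way to write the authenticator described in the answer above, as an added example that is not part of the original answer or of OpenCms itself: an authorization handler that maps the container-authenticated remote user to an OpenCms user and registers a session for it. The class name and the realm value are hypothetical, OpenCms user names are assumed to equal the Kerberos short name, and the method signatures should be checked against the Javadoc of your OpenCms version.

```java
import javax.servlet.http.HttpServletRequest;
import org.opencms.file.CmsObject;
import org.opencms.main.CmsException;
import org.opencms.security.CmsDefaultAuthorizationHandler;
import org.opencms.security.I_CmsAuthorizationHandler.I_PrivilegedLoginAction;

/** Hypothetical handler: turns the SPNEGO-authenticated remote user into an OpenCms session. */
public class SpnegoAuthorizationHandler extends CmsDefaultAuthorizationHandler {

    // Placeholder realm (assumption); principals from any other realm are not mapped.
    private static final String EXPECTED_REALM = "EXAMPLE.COM";

    @Override
    public CmsObject initCmsObject(HttpServletRequest request, I_PrivilegedLoginAction loginAction) {
        try {
            // Reuse an OpenCms session that already exists for this HTTP session.
            CmsObject cms = initCmsObjectFromSession(request);
            if (cms != null) {
                return cms;
            }
            String userName = toOpenCmsUser(request.getRemoteUser());
            if (userName == null) {
                // No usable principal: keep the stock behaviour.
                return super.initCmsObject(request, loginAction);
            }
            // Password-less login; Tomcat has already verified the Kerberos ticket.
            cms = loginAction.doLogin(request, userName);
            return (cms == null) ? null : registerSession(request, cms);
        } catch (CmsException e) {
            return null; // login failed: the request is treated as not logged in
        }
    }

    /** Maps "user@REALM" to an OpenCms user name, or null if it must not be mapped. */
    static String toOpenCmsUser(String principal) {
        if (principal == null) {
            return null;
        }
        int at = principal.indexOf('@');
        if (at >= 0 && !EXPECTED_REALM.equals(principal.substring(at + 1))) {
            return null; // foreign realm
        }
        String name = (at < 0) ? principal : principal.substring(0, at);
        // Strict character set; the built-in Admin account is never reachable through SSO.
        if (!name.matches("[A-Za-z0-9._-]{1,64}") || name.equalsIgnoreCase("Admin")) {
            return null;
        }
        return name;
    }
}
```

OpenCms loads the handler class named in the authorizationhandler element of opencms-system.xml, so the class has to be on the web application's classpath and registered there.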