Score:0

What is the proper way to use IIS to forward the REMOTE_USER header to Tomcat?

in flag

I am trying to set up SSO with IIS 10 and Tomcat 9. I want to use Windows Authentication in IIS and pass the authenticated username to Tomcat. I had this working with Tomcat 8.5, however after upgrading to Tomcat 9 I can't get the ISAPI_redirect.dll method to work.

Extensive searches have led to suggestions that ISAPI is not the way to go anymore. I attempted to use ARR, but since it forwards the requests before authentication you will always get a blank REMOTE_USER and AUTH_USER. So ARR is not a viable option without a third-party way to pass the authentication headers.

Another suggestion I saw was to use HttpPlatformHandler. However, the downloads are currently broken on the Microsoft site and it appears that the module is being replaced by ASP.NET Core. However, I can't find any information on how to use ASP.NET Core to perform the proxy I want.

What is the current recommended way to proxy requests from IIS to Tomcat and pass the authenticated user?

Edit: The HttpPlatformHandler download is back up. However, that is still not an option as it has the same issue as ARR and runs before authentication. It seems ISAPI is the only option other than third party applications to pass authenticated header information.

Score:0
in flag

The ISAPI DLL still seems to be the only way to do this if you are trying to use Windows Authentication in IIS and pass the authenticated username in the headers

I was able to get ISAPI to work. I think what fixed it was deleting web.config under C:\inetpub\wwwroot. I had removed the URL rewrites I made for my ARR attempt from the IIS interface but there was a lingering entry in that file.

mx flag
May you please detail how you get ISAPI to forward autenticated username as REMOTE_USER header ?
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.