AJP connector with external authentication ------------------------------------------ Key: WFLY-2850 URL: https://issues.jboss.org/browse/WFLY-2850 Project: WildFly Issue Type: Feature Request Security Level: Public(Everyone can see) Components: Web (Undertow) Affects Versions: 8.0.0.CR1 Reporter: Geert Coelmont Assignee: Stuart Douglas Priority: Critical Tomcat allows to set the tomcatAuthentication attribute of the AJP connector to false to allow external web servers (e.g. apache httpd) to handle the authentication and pass that along. A similar option was added recently to JBossWeb as well (see WFLY-254), but JBossWeb has been replaced by Undertow. With Undertow this option isn't available as far as I can see. For me this is a critical problem as there is currently no way I can do negotiated (SPNEGO) authentication from within WildFly+Undertow. (See also WFLY-2404).