[jboss-jira] [JBoss JIRA] (WFLY-2850) AJP connector with external authentication

[Stuart Douglas (JIRA)]

    [ https://issues.jboss.org/browse/WFLY-2850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12952832#comment-12952832 ] 

Stuart Douglas commented on WFLY-2850:
--------------------------------------

What did the security domain setup for this look like in AS7/EAP6? I have implemented an authenticator based on this in Undertow, but it would be helpful to know what the server side config used to look like. 
                
> AJP connector with external authentication
> ------------------------------------------
>
>                 Key: WFLY-2850
>                 URL: https://issues.jboss.org/browse/WFLY-2850
>             Project: WildFly
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Web (Undertow)
>    Affects Versions: 8.0.0.CR1
>            Reporter: Geert Coelmont
>            Assignee: Stuart Douglas
>            Priority: Critical
>
> Tomcat allows to set the tomcatAuthentication attribute of the AJP connector to false to allow external web servers (e.g. apache httpd) to handle the authentication and pass that along.
> A similar option was added recently to JBossWeb as well (see WFLY-254), but JBossWeb has been replaced by Undertow. With Undertow this option isn't available as far as I can see.
> For me this is a critical problem as there is currently no way I can do negotiated (SPNEGO) authentication from within WildFly+Undertow. (See also WFLY-2404).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira