Windows tomcat not in domain + spnego

Aug 3, 2010 at 1:52 PM


Is it possible to configure spnego in following case.

Windows server 2008 + tomcat 5.5 in subnet 10.x.x.x behind firewall (Lab) and not in domain

Clients (IE) in domain and AD in normal network. Can I get this combination to work.

Configuration works now if I run IE in Tomcat server with local account, but AD accounts do not autenticate.




Aug 4, 2010 at 6:31 PM
Edited Aug 5, 2010 at 4:48 AM


Tomcat is running with an local account of the Windows 2008 server. It does not know the AD accounts. Your users cannot be identified, so cannot be authenticated, by Tomcat(NTLM or KERBEROS).

The server must be on the domain. Or use the version with the windows service. This service must be running on a Windows computer, member of AD.

What do you want to test?