successfully used your module to integrate SSO with Microsoft AD on Tomcat 6 and I am very pleased with it. Working with IEx, Chrome and FFox (with additionnal config) with no problems. Also using my configured realm to retreive the user roles from my existing
realm and not AD which works great for our solution.
Got a request to support Safari on Windows and not surprisingly, it does not work (using Safari on Windows to have a machine on the domain).
Quick googling suggest that Safari 2.0+ does support SPNEGO.
Someone have an idea or can forward me to a potential solution for this?
Jan 27, 2012 at 7:29 PM
Edited Jan 29, 2012 at 5:14 PM
I had never test SAFARI. So, I downloaded the browser.
Safari support SPNEGO on Windows, but... Safari does not send the session cookie during a NTLM authentication. Why? I do not know.
So, add the parameter bindauthenticationtotcpconnection to the file context.xml. It will work.
<Parameter name="bindauthenticationtotcpconnection" value="" override="false" />
It is only a problem with NTLM, not with Kerberos. The user must use the DNS name of the server, not an address, else NTLM is used.
Send the result, and bonne chance.