Kerberos F؃NCAg̓ZLeB T|[g voC_[ (SSP) ƂĎAZLeB T|[g voC_[ C^[tFCX (SSPI) gpăANZXł܂B

https://tomcat.apache.org/tomcat-8.5-doc/windows-auth-howto.html

Reverse proxies

Apache httpd

apacheŃPxXF؂ɂ́umod_auth_sspi for use on Windows platforms.v

1.Configure httpd as a reverse proxy for Tomcat
2.Configure httpd to use Windows authentication
3.Configure Tomcat to use the authentication user information from httpd by setting the tomcatAuthentication attribute on the AJP connector to false.


apachetomcatAgAapachewindowsF؂悤ɂATomcatAJPRlN^[𖳌ɂtomcatAuthenticationg悤Tomcatݒ肷



http://int128.hatenablog.com/entry/20120816/1345114350

@tomcat apache-tomcat-8.5.23-windows-x64.zip
𓀐D:\apache-tomcat-8.5.23

AApacheWJ
  httpd-2.4.28-o110f-x64-vc14.zip
  𓀂tH_Ȃ́uApache24vDɈړ

BSSPIW[ǉ
  mod_authnz_sspi-0.1.1a1-2.4.x-x64-vc14.zip
  𓀂Apache24tH_́ubin\sspipkgs.exevuD:\Apache24\binvɃRs[
  𓀂Apache24tH_́umodule\mod_authnz_sspi.sovuD:\Apache24\modulesvɃRs[

Capachetomcat̘Agݒ
  D:\Apache24\conf\extra tH_ t@CFhttpd-proxy.conf ̋t@C쐬
  ̓eȉ̂Psɂ
  uProxyPass /examples/ ajp://localhost:8009/examples/v
  uProxyPass /examples/ ajp://localhost:8009/examples/v
  
  D:\Apache24\conf\httpd.conf eLXgGfB^[ŊJ
    uLoadModule ` modules/mod_proxy.sov̍sA擪#Ă#폜
    uLoadModule ` modules/mod_proxy_ajp.sov̍sA擪#Ă#폜
    t@C̍ŌɁuInclude D:\Apache24\conf\extra\httpd-proxy.confvǉiInclude conf/extra/httpd-proxy.confj
     ۑĕ
  
Dtomcat̃[U[ݒ
  D:\apache-tomcat-8.5.23\conf\tomcat-users.xml eLXgGfB^[ŊJ
  Ṓu</tomcat-users>v̑OɈȉ̂Qsǉ
  u<role rolename="manager-gui"/>v
  u<user username="admin" password="admin" roles="manager-gui"/>v
  ۑĕ

EAgmF
  D:\Apache24\bin\httpd.exe _uNbNŋN
  apachẽACR̃EBhEJƂmF
  D:\apache-tomcat-8.5.23\bin\startup.bat _uNbNŋN
  JavãACRtomcat̃EBhEJƂmF
  uEUŁuhttp://ctms/examples/index.htmlvictms̓zXgjJΘAg
  http://ctms:8080/examples/index.html ŊJĂ̂ http://ctms/examples/index.html ŊJ
  
  mFłapachetomcat~ieEBhECtrl{Cj

FapachewindowsF؂Lɂ
  D:\Apache24\conf\httpd.conf eLXgGfB^[ŊJ
  擪uLoadModulevŎn܂s̑OɈȉǉ
  uLoadModule authnz_sspi_module modules/mod_authnz_sspi.sov

  Ɉȉǉ
  <Location />
    # WindowsF
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    SSPIDomain DOMAIN
    SSPIOmitDomain On
    SSPIOfferBasic On
    Require valid-user
  </Location>

GtomcatAJPF؏󂯎悤ɐݒ
  D:\apache-tomcat-8.5.23\conf\server.xml eLXgGfB^[ŊJ
  uExecutorv^OƃRgɂȂĂ̂ŁARg̕^ỎɈȉǉ
  <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="100" minSpareThreads="10"/>
  <Connector executor="tomcatThreadPool" address="127.0.0.1" URIEncoding="UTF-8"
    tomcatAuthentication="false"
    port="8009" protocol="AJP/1.3" />
  <Connector executor="tomcatThreadPool" address="127.0.0.1" URIEncoding="UTF-8"
    port="18080" protocol="HTTP/1.1" />

  Xȉ̍s̓Rg
  u<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />v


Ql https://igapyon.github.io/diary/2008/ig080128.html