Bug 65375 - IIS 10.0 as Tomcat reverse proxy does not send auth_type and remote_user AJP heder
Summary: IIS 10.0 as Tomcat reverse proxy does not send auth_type and remote_user AJP ...
Status: RESOLVED WORKSFORME
Alias: None
Product: Tomcat Connectors
Classification: Unclassified
Component: isapi (show other bugs)
Version: 1.2.46
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-14 06:33 UTC by clerici.paolo
Modified: 2021-07-06 14:59 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description clerici.paolo 2021-06-14 06:33:15 UTC 
I use IIS 10.0 as a reverse proxy of Tomcat 7.
IIS 10.0 use Windows Authentication.
When I run the javax.servlet.http.HttpServletRequest.getAuthType() method I get the null value.
When I run the javax.servlet.http.HttpServletRequest.getRemoteUser() method I get the null value.
Using IIS 6.1 with the same version of Tomcat everything works fine.
When I run the javax.servlet.http.HttpServletRequest.getAuthType() method I get "NTLM" string.
When I run the javax.servlet.http.HttpServletRequest.getRemoteUser() method I get the name of the user who authenticated with IIS.
The configuration of the two versions of IIS appears to be the same.
Seems to be missing some AJP headers including: remote_user (0x03) and auth_type (0x04) which instead are sent from IIS 6.1
Comment 1 Mark Thomas 2021-07-06 14:59:45 UTC 
Tested with IIS 10.0 on Windows Server 2016. This looks to be a configuration issue. Please use the users mailing list if you require further assistance.