ADFS (server 2012 R2) with Tomcat 7

Question
Hi all
Do any of you know if it is possible to directly integrate ADFS (in Windows Server 2012 R2) with a Tomcat 7 website to provide SSO and authentication for Windows AD users?
So far I have been reading there are some third party tools to integrate both, but nothing about if it is possible to do it without third party software.
Thanks!
Friday, July 22, 2016 5:18 PM
Answers
While it is possible to integrate Tomcat 7 with ADDS, I would assume the same would be true with ADFS - if ADFS is integrated with the same ADDS that Tomcat 7 is integrated with. However, this is not for the faint of heart. Unless you are a developer with good Kerberos experience and decent knowledge of ADDS, the below article may be a difficult read:
https://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html
Best Regards, Todd Heron | Active Directory Consultant
- Proposed as answer by Pierre Audonnet [MSFT] (Microsoft employee) Monday, July 25, 2016 2:00 PM
- Marked as answer by Agustín Abero Monday, July 25, 2016 2:11 PM
Friday, July 22, 2016 6:00 PM

If you are hosting a claims-based authentication application on Tomcat 7, why not? ADFS is an STS. It supports: SAML2, WS-Fed, OAuth... So as long as your hosted application leverages one of these protocols, you can integrate with ADFS (and potentially other 3rd party STS). It's at the app level, not at the server level.
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
- Proposed as answer by Pierre Audonnet [MSFT] (Microsoft employee) Monday, July 25, 2016 2:00 PM
- Marked as answer by Agustín Abero Monday, July 25, 2016 2:11 PM
Friday, July 22, 2016 8:28 PM