Tomcat Integration
JOSSO Agent Valve for Apache Tomcat
Overview
The JOSSO Agent for Tomcat uses a custom Valve component to provide Single Sign-On for applications deployed on Apache Tomcat. It integrates at the container level, providing transparent authentication for all web applications.
Tomcat Valve
Container-level SSO
Java Security integration
Requirements
- Apache Tomcat 8.x, 9.x, or 10.x
- Java 8 or higher
- JOSSO Agent for Tomcat
- Network connectivity to JOSSO Server
Installation
1. Deploy the Agent Libraries
# Copy JOSSO agent JARs to Tomcat lib folder cp josso-agent-*.jar $CATALINA_HOME/lib/
2. Configure the Valve
Add the JOSSO Valve to server.xml or context.xml:
<!-- In server.xml, inside <Host> element -->
<Valve className="org.josso.tc80.agent.SSOAgentValve"
debug="1" />
<!-- Or in context.xml for specific app -->
<Context>
<Valve className="org.josso.tc80.agent.SSOAgentValve" />
</Context> Configuration
josso-agent-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<josso-agent>
<gateway-login-url>
https://idp.example.com/josso/signon/login.do
</gateway-login-url>
<gateway-logout-url>
https://idp.example.com/josso/signon/logout.do
</gateway-logout-url>
<partner-app>
<app-id>my-tomcat-app</app-id>
<app-location>/myapp</app-location>
<security-context-propagation>true</security-context-propagation>
</partner-app>
</josso-agent> Web Application web.xml
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>JOSSO</realm-name>
</login-config>
</web-app>