Well I don't know all your specs there, but if your running Tomcat on a Windows server, you could install IIS and condfigure IIS to use IWA in conjunction with Tomcast.
It's been awhile since I did this, but below is the instructions I used a couple of years ago. I don't have the URL anymore. I am not sure if this will work for you, but it may.
How to setup single-signon using IIS and IWA security
Case: 52682037 Product: WebFOCUS Web Components Release: 7.6.4 Primary OS: Windows Date: 09/09/28
Case information refers to the Product, Release, and OS for which this question was asked. The solution may apply to other Products, Releases, and Operating Systems.
Problem:
How to setup single-signon in WebFOCUS using IIS with IWA Security?
Solution:
To setup single-singon in WebFOCUS using IIS with IWA Security, please follow
the steps below.
NOTE: These steps assume you already have a working WebFOCUS installation that
uses IIS as the web server. If this is not the case, please consult our
installation manual (DN 4500816.0509)for assistance:
http://documentation.ibi.com/m...wf76_win_install.pdf Single-signon steps:
1) On the machine where IIS is installed, navigate to the following location:
Start -> Control Panel -> Administrator Tools -> Internet Information
Services (IIS) Manager
2) Expand the machine name, then expand the "Web Sites" folder and right-click
on the website that WebFOCUS is setup under and choose "Properties".
The website chosen will typically be the "Default Web Site".
3) Select the "Directory Security" tab and click "Edit" under the
"Authentication and access control" section.
4) Uncheck "Enable anonymous access" and check the box for "Integrated
Windows Authentication" and click "Ok", and then "Ok" to close the
windows.
5) Right-Click on the website you just modified and choose "Stop".
6) Right-Click on the website you just modified and choose "Start".
7) If you are using Apache Tomcat for your application server, follow the steps
outlined in the "Solution" section of the following document to modify the
server.xml for Tomcat so that the REMOTE_USER variable can be used by
WebFOCUS.
http://techsupport.information...om/sps/51802023.html 8) Navigate to the following page and confirm that the value of REMOTE_USER
is populated and is not set to "null".
/ibi_apps/wfsysinf.jsp
If it is set to "null", please confirm the prior steps were done properly
and if you still have issues, please open a case with Techsupport.
9) Navigate to the following WebFOCUS page and log into Managed Reporting
Administration:
/ibi_apps/mradmin-login?
10) Create a new user with a userid that matches up with the userid portion
of what was shown for REMOTE_USER from step #8. This user should be given
the MR Administrator role and full ReportCaster privledges if ReportCaster
is installed.
11) Log into the WebFOCUS Administration Console at the following WebFOCUS
page:
/ibi_apps/console/webfocusconsole.jsp
12) Navigate to the following location within the WebFOCUS Administration
Console:
Configuration -> MR Security Settings -> General
13) Set the "Authentication" to "Trusted" so that the REMOTE_USER variable
populated by the IWA security on IIS will automatically be used by
Managed Reporting and click "Save".
When prompted about reloading the MR Realm driver, click "Ok".
14) Within the WebFOCUS Administration Console, please go to:
Configuration -> Startup Parameters
15) Modify the "ADMINISTRATORS" variable so that includes all the userids that
should have admin access within the WebFOCUS Administration Console using
a ";" to separate the id's and save the results.
This should be the same format as the id you created in Managed Reporting.
16) Modify the "IBIWFC_AUTHENTICATION" variable so that it is set to "WEB" and
save the setting.
This will make it so that the REMOTE_USER variable will be used to
automatically log you into the WebFOCUS Administration Console.
NOTE: If there are any issues logging into the WebFOCUS Administration
console after making these changes, these settings are written out to the
following file which can be manually edited:
\ibi\WebFOCUS76\client\wfc\web\cgi\ibiweb.cfg
17) To configure ReportCaster to also use the REMOTE_USER variable, please
follow the solution steps from the following document:
http://techsupport.information...om/sps/50152541.html"The User ID or Password you have entered is incorrect."
Message is received when attempting to login to Managed Reporting with Managed
Reporting Security set to "Trusted" and using the REMOTE_USER variable that is
populated from IIS.
MR Realm trace only shows:
[2009-06-29 03:36:33 EDT] {DEBUG} [WFMRX_MRSecurityDriver]
isLoginPageDisplayed: false
[2009-06-29 03:36:33 EDT] {DEBUG} [WFMRX_MRSecurityDriver]
isChangePasswordAllowed: false
/ibi_apps/wfsysinf.jsp shows:
App Server Apache Tomcat/5.5.25
REMOTE_USER
J2EE Role Unknown
Problem:
Tomcat is blocking the REMOTE_USER variable so that it never makes it from IIS
WebFOCUS Client.
Solution:
Modify the connector block within the Tomcat configuration so that Tomcat
Authentication is disabled and the REMOTE_USER variable will be allowed to pass
through.
To do this:
1) Open the following file within a text editor:
\Program Files\Apache Software Foundation\Tomcat 5.5\conf\server.xml
2) Find the following block:
< !-- Define an AJP 1.3 Connector on port 8009 -->
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
and change it to the following:
< !-- Define an AJP 1.3 Connector on port 8009 -->
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
3) Save the changes and restart the Tomcat service.
WebFOCUS 8.1.05