Authentication using mod_auth does not work for WebSphere URLs.
 Technote (troubleshooting)
 
Problem(Abstract)
Using mod_auth authentication in the Apache V2.0 (any release) or IBM® HTTP Server V2.0 (any release) to password protect a website does not work for URLs that invoke the WebSphere® Application Server. The requested page is displayed without prompting the user to log in.

Pages served directly from the web server do prompt the user to login.
 
Cause
Beginning with for Apache and IBM HTTP Server version 2.0 , the WebSphere Application Server plugin module is loaded before all other modules and it is not possible to change the loading sequence. This is why mod_auth seems to "work" only for pages served directly from the web server.
 
Resolving the problem
Use WebSphere Security to password protect WebSphere URLs or use a reverse proxy server to perform front-end authentication (trust association).

Customers needing to use a combination of mod_auth and WebSphere security can use different virtual hosts to separate content.

For further instructions, see the links under Related Information.

 
Related information
Securing Web Applications in WebSphere
Virtual Hosts
Trust Associations
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 6.0.2
Software edition:
Reference #: 1217273
IBM Group: Software Group
Modified date: Sep 23, 2005